Buffer Overflow: man strcpy

Buffer Overflow: man strcpy

Post by Felix Tille » Tue, 31 Oct 2000 23:04:15

Right out of the man page.

       If the destination string of a strcpy() is not large enough
       (that is, if the programmer was stupid/lazy, and failed to
       check the size before copying) then anything might happen.
       Overflowing fixed length strings is a favourite cracker
       technique.

|  Felix Tilley                    |
|  Remove Percent Signs for Email  |



Buffer Overflow: man strcpy

Post by jose » Wed, 01 Nov 2000 00:29:37

> Right out of the man page.

duh. not new.

use strncpy(), use it properly. don't forget to terminate your strings.
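
The "use it properly" part is the whole point: strncpy() does not write a terminator when the source is at least as long as the size you pass. The following is an added example (not code from the thread) that wraps strncpy() in a bounded copy which always terminates and reports truncation, next to a helper that shows the unterminated case; the function names and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bounded copy that always terminates. Copies at most dst_size-1 bytes of
 * src into dst, then writes the NUL itself, because strncpy() omits the
 * terminator whenever src is at least dst_size bytes long.
 * Returns 1 if src was truncated, 0 if it fit, -1 on bad arguments. */
int safe_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1);   /* never writes past dst[dst_size-2] */
    dst[dst_size - 1] = '\0';          /* terminate unconditionally */
    return strlen(src) >= dst_size ? 1 : 0;
}

/* Helper for checking results: copies src into a local buffer of dst_size
 * bytes with safe_copy() and returns the resulting string length. */
int safe_copy_len(const char *src, size_t dst_size)
{
    char buf[64];
    if (dst_size == 0 || dst_size > sizeof buf) return -1;
    if (safe_copy(buf, dst_size, src) < 0) return -1;
    return (int)strlen(buf);
}

/* Shows the pitfall itself: plain strncpy() into a buffer the source fills
 * exactly leaves no terminator. Returns 1 if no NUL is present, else 0. */
int strncpy_left_unterminated(const char *src, size_t dst_size)
{
    char buf[64];
    if (dst_size == 0 || dst_size > sizeof buf) return -1;
    memset(buf, 'X', sizeof buf);          /* poison so a missing NUL shows */
    strncpy(buf, src, dst_size);
    return memchr(buf, '\0', dst_size) == NULL ? 1 : 0;
}

int main(void)
{
    char name[8];                          /* constructed sample inputs below */
    const char *inputs[] = { "felix", "felixtilley" };
    for (size_t i = 0; i < 2; i++) {
        int truncated = safe_copy(name, sizeof name, inputs[i]);
        printf("\"%s\" -> \"%s\" (truncated=%d)\n", inputs[i], name, truncated);
    }
    printf("strncpy() unterminated for 8 bytes into 8-byte buffer: %d\n",
           strncpy_left_unterminated("12345678", 8));
    return 0;
}
```

The second input is cut to "felixti" with truncated=1, while the last line prints 1 because eight bytes copied into an eight-byte buffer leave no room for the NUL.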


Buffer Overflow: man strcpy

Post by Tilman Bo » Sat, 04 Nov 2000 05:02:02

Felix Tilley wrote on Mon, 30 Oct 2000 07:04:15 -0700:

> Right out of the man page.


And your point was?



double the buffer? - buffer overflows


I'm a novice programmer reading up on buffer overflows in order to secure
my own programs for exploitation. While reading over "Smashing The Stack
For Fun And Profit" (from phrack #49) i came across the following
discrepancy on a standard workstation install of redhat 7.2 (gcc 2.96): I
compile this:

void function(int a, int b, int c) {
   char buffer1[5];
   char buffer2[10];
}

void main() {
   function(1,2,3);   /* call as in the Phrack example1.c */
}

with gcc -S -o example1.s example1.c

and instead of

        pushl %ebp
        movl %esp,%ebp
        subl $20,%esp

i have

        pushl   %ebp
        movl    %esp, %ebp
        subl    $40, %esp

under the function call. My question is: Why? Is this something redhat
specific? is this something gcc specific? is this the standard on most
linux (or even *nix) systems? I realise the article is a bit dated, but
having a buffer double the size caught me off guard.

Your insight would be greatly appreciated, Thanks. :)
