Stack smashing

on May 3, 11 • by Alen Zukich • with No Comments

A while ago I talked about memory overflows.  Now in this latest installment, as we look at more interesting bugs, I've come across a new example.  Here is a situation a customer described as "stack smashing": it occurs when you copy a string of unknown length into a fixed-size buffer that lives on the stack, with the copy length taken from the source rather than from the destination.

#include <stdio.h>
#include <string.h>   /* memcpy, strlen, NULL */

/* Deliberately vulnerable: the copy length comes from the source
 * (strlen(v)), never from the 10-byte destination, so any argument
 * longer than 10 characters writes past the end of buffer into the
 * rest of foo's stack frame. */
void foo(char * v) {
    char buffer[10];
    if(v != NULL)
    {
        memcpy(buffer, v, strlen(v));
    }
}

int main (int argc, char ** argv)
{
    foo(argv[1]);   /* argv[argc] is NULL, so a missing argument is caught by the NULL check */
    foo("the longest string you can find");
    return 0;
}

Just like the memory overflow post, this is another form of buffer overflow.  What earns it the name "stack smashing" is where the destination lives: buffer is a local array, so the bytes written past its end land on the rest of the stack frame, which holds the caller's saved registers and the return address.  So there you have it, just more terminology to describe bad things in your code.  Gwyn promises to give a follow-up to these posts with some details on how this general area (stack corruption, tainted sources, etc.) can be exploited.  Can't wait to see that.
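The fix is the mirror image of the bug: derive the copy length from the destination, not the source, and tell the caller when the input did not fit. The following is an added example and not code from the original post; the helper names copy_bounded and foo_safe are my own, and the inputs are constructed to match the strings used above.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example (not from the original post). copy_bounded and foo_safe
 * are hypothetical helper names chosen for this illustration.
 *
 * The post's foo() passes strlen(v) to memcpy, so the write size is
 * controlled by whoever supplies v. Here the write size is capped by the
 * destination size, and the caller learns whether truncation happened. */

/* Copy src into dst (dstsz bytes) as a NUL-terminated string.
 * Returns 0 when src fit, -1 when it did not (dst then holds the
 * truncated prefix, still NUL-terminated) or when the arguments are
 * unusable (NULL dst, zero-size dst, NULL src). */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }

    /* Bounded length scan: stop at dstsz so an unterminated or huge src
     * cannot make the length computation itself run off the end. */
    size_t n = 0;
    while (n < dstsz && src[n] != '\0')
        n++;

    if (n == dstsz) {
        /* No terminator within dstsz bytes: src is too long.
         * Copy only what fits and leave room for the NUL. */
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return -1;
    }

    memcpy(dst, src, n + 1);   /* n + 1 includes the terminator, n + 1 <= dstsz */
    return 0;
}

/* Same 10-byte stack array as the post's foo(), but the copy is bounded
 * by sizeof buffer. Returns copy_bounded's result so the caller can
 * react to truncation instead of silently continuing. */
int foo_safe(const char *v)
{
    char buffer[10];
    int rc = copy_bounded(buffer, sizeof buffer, v);
    printf("copied \"%s\" (%s)\n", buffer, rc == 0 ? "fit" : "truncated");
    return rc;
}

int main(int argc, char **argv)
{
    if (argc > 1)
        foo_safe(argv[1]);            /* attacker-controlled length, now bounded */
    foo_safe("short");
    foo_safe("the longest string you can find");   /* the post's input: truncated to 9 chars */
    return 0;
}
```

Whether the truncated copy is acceptable is the caller's decision; the important property is that the write never exceeds sizeof buffer and the result is always terminated. For the original foo(), compiling with gcc's -fstack-protector and running it with a long argument is a quick way to see the overflow caught at runtime as the canary check fails on return.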
