Tuesday, March 4, 2014

Buffer Overflow or Smashing the stack in C

Given below is a little program to smash the stack or buffer overflow on Ubuntu Linux. The buffer is deliberately set to 10 which is very small, without any error checking.

#include <stdio.h>
#include <string.h>
/* Stack smashing example */

void echoinput(char *userinput)
  char buffer[10];
  strcpy(buffer, userinput);
  printf("\n\n%s\n\n", buffer);

int main(int argc, char **argv)
  return 0;

$ ./tst3 123456789    (The values are within buffer limits. Hence no overflow.)
$ ./tst3 1234567891011  (Values out of buffer limits, there is a buffer overflow.)
*** stack smashing detected ***: ./tst3 terminated
Aborted (core dumped)

Ubuntu Linux provides a very informational message ***stack smashing detected*** It is helpful for programmers to look at buffer values.

No comments:

Post a Comment