cyber-security-resources/buffer_overflow_example/demeter/stack.c

30 lines
625 B
C
Raw Permalink Normal View History

2021-03-18 14:10:55 -04:00
/* stack.c */
/* This is the program that introduces the buffer overflow vulnerability. */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int bof(char *str)
{
char buffer[12];
/* Can you spot the buffer overflow here? ;-) */
strcpy(buffer, str);
return 1;
}
int main(int argc, char **argv)
{
2021-03-18 14:13:05 -04:00
/* This tries to handle 517 bytes and the strcpy is trying to copy that to buffer which only has 12 bytes */
2021-03-18 14:10:55 -04:00
char str[517];
FILE *badfile;
badfile = fopen("badfile", "r");
fread(str, sizeof(char), 517, badfile);
bof(str);
printf("Returned Properly\n");
return 1;
}