#include <stdio.h>
#include <string.h>

int a(char *string){
    /* the question elides the real string; placeholder value */
    const char *validString = "VALID_STRING_PLACEHOLDER";
    int val = strcmp(validString, string) == 0;
    return val ? 1 : 0;
}

int b(int a) {
    /* "do some stuff here" in the question; body not shown */
    return 0;
}

int main(int argc, char **argv){
    int c = 3434;
    char in[9];
    scanf("%s", in);   /* unbounded read into a 9-byte buffer: the overflow the question is about */

    if (a(in)){
        b(c);
    }
    return 0;
}

I was wondering if it was possible to overflow the variable "in" and jump to b with the arguments intact?

I know how to overflow and jump to an address in the program. But I don't know how I could call b with the argument (c).

If I try jumping to b(c), GDB tells me "Cannot access memory at address 0x3638785c"

Any hints or ideas I could use?

*Also note ASLR is disabled and so is stack protection

On what platform and OS are you doing this? It has to be one that doesn't put c into a register because if it did it would be working. And it has to be one that puts the local variables contiguously in memory because if it didn't it would be working. – Jerry Jeremiah Dec 7 at 0:24
    
I am using C on linux – user126885 Dec 7 at 0:26
so you essentially want to bypass the string comparison happening in a and execute b every time, regardless of the string comparison result? – yano Dec 7 at 0:31
    
That's what I was attempting to do. I can get it to jump to and execute trivial lines in a like a print statement. But the bypass seems to go over my head, I can't seem to get the hang of how to approach it – user126885 Dec 7 at 0:32
    
I assume you've thought of this, but could you overflow in with the value of c in the appropriate place? Or is the hard part here assuming you don't know the value of c? I'm not quite sure how all this would line up in memory without looking, this may be a dumb comment – yano Dec 7 at 0:52
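The root cause the question is working with is `scanf("%s", in)`: it writes as many bytes as the input contains into a 9-byte buffer, so the local `c` and the saved return address behind it are reachable. ASLR and stack protection only make that harder to exploit; removing the overflow itself means bounding the read. The following is an added example, not code from the question or from any answer on the page: the same program with the unbounded read replaced by a token reader that rejects (rather than silently truncates) any token that does not fit in the buffer. The value of `validString`, the body of `b()` (here it just doubles its argument), and the helper names `read_token_bounded`, `gate` and `gate_on_string` are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define IN_CAP 9   /* the same 9-byte buffer as in the question */

/* Hypothetical secret: the question elides the actual validString. */
static const char *validString = "secret12";

/* Same comparison as a() in the question, now only ever called on a
 * NUL-terminated string that fits in the buffer. */
int a(const char *string) {
    return strcmp(validString, string) == 0;
}

/* Stand-in for the question's "do some stuff here": returns a value so the
 * result of the gate can be checked. */
int b(int x) {
    return x * 2;
}

/* Byte source abstraction: returns the next byte (0..255) or EOF.
 * Lets the same reader run on stdin and on a constructed test string. */
typedef int (*getc_fn)(void *ctx);

/* Read one whitespace-delimited token, scanf("%s")-style, into buf[cap].
 * Returns 1 on success; 0 if no token was available or the token would not
 * fit together with its NUL (the rest of that token is drained and buf is
 * left empty). Rejecting instead of truncating means a() never compares a
 * prefix of an overlong input, and nothing is ever written past buf[cap-1]. */
int read_token_bounded(char *buf, size_t cap, getc_fn next, void *ctx) {
    size_t n = 0;
    int ch;
    if (cap == 0) return 0;
    buf[0] = '\0';
    while ((ch = next(ctx)) != EOF && isspace(ch)) {}   /* skip leading blanks */
    if (ch == EOF) return 0;
    while (ch != EOF && !isspace(ch)) {
        if (n + 1 >= cap) {                              /* no room for byte + NUL */
            while ((ch = next(ctx)) != EOF && !isspace(ch)) {}
            buf[0] = '\0';
            return 0;
        }
        buf[n++] = (char)ch;
        ch = next(ctx);
    }
    buf[n] = '\0';
    return 1;
}

/* The question's main() logic with the bounded reader. Returns b(c) on a
 * match, 0 on a non-matching token, and -1 when the input was rejected. */
int gate(getc_fn next, void *ctx) {
    int c = 3434;
    char in[IN_CAP];
    if (!read_token_bounded(in, sizeof in, next, ctx)) return -1;
    return a(in) ? b(c) : 0;
}

/* Byte source over a constructed string (used by gate_on_string). */
typedef struct { const char *p; } str_src;
static int str_getc(void *ctx) {
    str_src *s = ctx;
    return *s->p ? (unsigned char)*s->p++ : EOF;
}

/* Byte source over stdin, for running the program interactively. */
static int stdin_getc(void *ctx) { (void)ctx; return getchar(); }

/* Run the gate on a constructed input string instead of stdin. */
int gate_on_string(const char *input) {
    str_src s = { input };
    return gate(str_getc, &s);
}

int main(void) {
    int r = gate(stdin_getc, NULL);
    if (r == -1) fputs("input rejected: token longer than the buffer\n", stderr);
    return r > 0 ? 0 : 1;
}
```

Feeding the program a token of 8 bytes or fewer behaves exactly as before; a token of 9 or more bytes is refused before `a()` runs, so there is no write past `in` for a debugger to observe. Compiling with the stack protector and ASLR left on is still worthwhile, but those are mitigations for when a bound is missed, not a substitute for the bound.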
