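/*
 * a demonstration of buffer overflow
 * the goal: get it to print out "bad"
 * by branching to it (or "good")
 *
 * Review notes:
 *  - This file is deliberately vulnerable teaching code; the defect in
 *    vuln() is kept as the author wrote it. Build and run it only in an
 *    isolated lab environment.
 *  - The weakness is an uncontrolled format string (CWE-134) feeding an
 *    unbounded sprintf() into a fixed-size stack buffer (CWE-121).
 *  - Compiling with -Wformat -Wformat-security reports the call, and
 *    -D_FORTIFY_SOURCE=2 and -fstack-protector-strong add run-time checks
 *    around it. Those hardening options reduce the impact; the fix is the
 *    corrected call shown in vuln().
 */
#include <stdio.h>
/*
 * NOTE(review): the page carried three #include lines whose header names
 * were lost in extraction. <stdio.h> is the only header the code below
 * needs; the other two are not reconstructed here.
 */

/*
 * the first uncalled routine
 *
 * Nothing in this file calls good(); it is reached only if control flow
 * is diverted.
 */
void good(void)
{
	printf("good\n");
}

/*
 * the second uncalled routine
 *
 * Like good(), it has no caller in this file.
 */
void bad(void)
{
	printf("bad\n");
}

/*
 * the routine with the bug (er, vulnerability)
 *
 * str is attacker-controlled: main() passes argv[1] through unchanged.
 * The function formats it into buffer, then formats buffer into outbuf,
 * and prints outbuf.
 */
void vuln(char *str)
{
	char outbuf[512];	/* a buffer to overflow */
	char buffer[512];	/* input buffer */

	/* print a bogus error message -- note it is */
	/* GUARANTEED not to overflow buffer!        */
	/*
	 * The literal prefix is 19 bytes and %.400s copies at most 400 bytes
	 * of str, so at most 420 bytes (with the NUL) land in the 512-byte
	 * buffer. The bytes of str are copied as data at this step.
	 */
	sprintf(buffer, "ERR Wrong command: %.400s", str);

	/* copy it -- and overflow can occur here */
	/*
	 * buffer is passed as the FORMAT argument, so any conversion
	 * specifications that arrived in str are interpreted here. The
	 * output length is then no longer bounded by strlen(buffer), and
	 * sprintf() places no limit on what it writes into outbuf.
	 *
	 * Safe form: treat the text as data and bound the write:
	 *
	 *     snprintf(outbuf, sizeof outbuf, "%s", buffer);
	 */
	sprintf(outbuf, buffer);

	/* print what you put into that buffer */
	printf("outbuf: %s\n", outbuf);
}

/*
 * the starting point -- process the first arg
 *
 * Returns 1 when the argument count is wrong, 0 otherwise.
 */
int main(int argc, char *argv[])
{
	/* check for the right number of arguments */
	if (argc != 2) {
		fprintf(stderr, "%s: need a format string as argument\n",
			argv[0]);
		return 1;
	}

	/* now process it! (argv[1] is untrusted and is not validated) */
	vuln(argv[1]);

	/* all done ... */
	return 0;
}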