#include <stdio.h>

/*
 * Prompt for a name on stdout, read it from stdin, and print a greeting.
 *
 * Deliberately unsafe teaching example: the read into name[] is unbounded,
 * so any input longer than the buffer is written past its end and corrupts
 * adjacent stack memory. The code is kept as-is so the defect stays visible.
 */
void greet_visitor() {
    // Recognizable marker value; presumably here so this frame is easy to
    // find in a memory dump -- confirm against the accompanying material.
    int gt_top = 0xAAAAAAAA;
    char name[10]; // BAD!!! Fixed size: room for 9 characters plus the '\0'.
    printf("Hello.  What is your name?\n");
    // gets() takes no length argument, so it cannot know name[] holds only
    // 10 bytes; it keeps copying until newline or EOF. It was removed from
    // the language in C11. The bounded replacement is
    // fgets(name, sizeof name, stdin), which keeps the trailing newline.
    gets(name);    // VERY, VERY, VERY BAD!!!
    printf("Hello, %s.", name);
    // Second marker value; where the compiler places it relative to name[]
    // and gt_top is implementation-dependent.
    int gt_btm = 0xAABBBBAA;
}
    // If we have successfully overwritten the return address with
    // the address we want the system to go to next…
    //
    // Instead of returning to main(…), trick the program into going to
    // scare_visitor(…).

/*
 * Print a fixed message to stdout.
 *
 * Nothing in the code shown calls this function; per the comment above it,
 * it is the place control ends up if greet_visitor()'s return address has
 * been overwritten.
 */
void scare_visitor() {
    // Marker value, same idea as the gt_* markers in greet_visitor().
    int sv_top = 0xAACCCCAA;
    // 8 characters plus the '\0' fit in the 10-byte array.
    char message[10] = "BRAH!!!\n"; // OKAY
    // NOTE(review): message is passed as the format string. That is harmless
    // here because it is a constant with no '%' in it, but the habit to keep
    // is printf("%s", message) or fputs(message, stdout), so that text which
    // later comes from input is never interpreted as a format.
    printf(message);
    int sv_btm = 0xAADDDDAA;
}

/*
 * Entry point: calls greet_visitor() once and returns 0.
 * argc and argv are not used.
 */
int main(int argc, char *argv[]) {
    // Marker values around the call, matching the gt_* / sv_* markers in the
    // other functions; presumably there to make main's frame identifiable
    // in a memory dump -- confirm against the accompanying material.
    int mn_top = 0xAAEEEEAA;

    // In a normal run, greet_visitor() returns to the statement after this call.
    greet_visitor();    

    int mn_btm = 0xAAFFFFAA;
    return 0;
}


/* vim: set tabstop=4 shiftwidth=4 fileencoding=utf-8 noexpandtab: */

© Copyright 2019 Alexander J. Quinn         This content is protected and may not be shared, uploaded, or distributed.