Project5 - Exploit - CS180 Synopsis Project 5 Due: Dec 7 No...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
CS180 Project 5 Due: Dec 7 No late submission accepted! Synopsis Abuse a poorly written program by exploiting a buffer overflow twice, once causing it to promise to send you $1,000,000, and another time causing the program to crash. Background The following program is subject to a buffer overflow exploit. #include <stdafx.h> #include <conio.h> // for getch() typedef struct student { char name[20]; float amount; int other_stuff; } person; int _tmain(int argc, _TCHAR* argv[]) { person p; // Create a person account (on the stack) p.amount = 10.0; // set amount gets(p.name); // get name (blindly ignoring buffer overrun) printf("Here is a $%10.2f gift for %s\n", p.amount, p.name); getch(); // Wait for user to type <Enter> before quitting return 0; } The trouble here is the call to “gets” which gets a string of characters typed from the keyboard and places them into a string array, stopping only when the user types a Return (or Enter). If the user types more than 19 characters, they (and the NULL which follows them) overflow
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 2

Project5 - Exploit - CS180 Synopsis Project 5 Due: Dec 7 No...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online