Segmentation fault

**Bachstelze** · November 16th, 2012

Some comments:

As you see, the string does not just consist of the address of bar (last 4 bytes), but also some gibberish before it (there is nothing sacred about "1234", it could be anything). This is because we are trying to overwrite the return address. On my machine, the stack looks like this:

Code:

+----------------+
| return address |   buf[22-25]
+----------------+
|  saved ebp     |   buf[18-21]
+----------------+
|   buf[14-17]   |
+----------------+
|   buf[10-13]   |
+----------------+
|   buf[6-9]     |
+----------------+
|   buf[2-5]     |
+--------+-------+
|        |buf[0-1]
+--------+-------+

So in order to overwrite the return address, we need to write on buf[22] to buf[25]. I suspect that in order to not segfault at all, we would need to write a good value on the saved ebp as well...

Originally Posted by trent.josephsen

That is what should generally happen when you overflow a buffer (and thereby scribble on memory you don't own). If you think there's a reason your code should not segfault, please post it.

The point is that here we are writing on memory that we own, but shouldn't write to. This is why the x86 arch is so bad from a security standpoint: it trusts that you are not going to write to some places, even though you technically can because you own them.

**Bachstelze** · November 16th, 2012

Also...

Originally Posted by goldy2425

I am new to linux and need urgent help.

I have no idea why something like this would be so urgent. If you want to use it for a prank, grow up. If it's homework, I suggest you actually pay attention in class.

**goldy2425** · November 16th, 2012

Thanks everyone for the quick response, I really appreciate that.
@Bachstelze I have to give a presentation on buffer overflow attack with a small demo. I am trying my best to make a small program to demonstrate this attack . I have turn off all the security but still it giving me the same error...

Originally Posted by Bachstelze

Also...

I have no idea why something like this would be so urgent. If you want to use it for a prank, grow up. If it's homework, I suggest you actually pay attention in class.

**Bachstelze** · November 16th, 2012

Then you should tell whoever asked you to give a presentation on this that you do not have the necessary knowledge and to ask someone else.

**dwhitney67** · November 16th, 2012

Originally Posted by goldy2425

... I have to give a presentation on buffer overflow attack with a small demo.

Depending on the audience at your demo, you may want to avoid any embarrassment from using the function strcpy().

Anybody who has any background with Information Assurance (IA) knows that function is considered evil and its use should be avoided. Only an amateur programmer would use strcpy().

Use strncpy() (or better yet, strlcpy() if available) instead.

**Bachstelze** · November 16th, 2012

Originally Posted by dwhitney67

Anybody who has any background with Information Assurance (IA) knows that function is considered evil and its use should be avoided. Only an amateur programmer would use strcpy().

The problem is that there are a lot of mediocre ("amateur" is not the correct word since they get paid, sometimes a lot) programmers in the world, writing code that gets used in real programs. If the purpose is to demonstrate how to exploit real programs, then of course you are going to need a poorly written one. If the program is correctly written, there is nothing to exploit.

(As an aside, this is why I'm not terribly interested in software security. Taking advantage of people's stupidity and/or ignorance is only fun for so long.)

**lisati** · November 16th, 2012

Originally Posted by schauerlich

So, it's a hack-y way to get a printout of the stack without GDB and friends. It's a hack, platform specific, and not guaranteed to work in other environments.

Thank you for the explanation. I know just enough C to know that something didn't look quite right.