Hacking the Code – Buffer Overflow

Writing source code is not an easy task, especially in C.

The C source code below shows an example of reading user input into an array.

It will show “You Win” if i=1 or “You Lose” for i=0.

Source code. 

Since i is initialized to zero, intuitively we know we will always get “You Lose” for this source code.

Well. Not really.

Check the next figure and you will see why.

Buffer overflow attack.

So, how do people hack a security system? Now you’ve seen.
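The effect described above, as an added example (this is not the post's e0.c): an unbounded copy into the array changes i from 0 to 1, and a bounded copy leaves it alone. It assumes a 16-byte array placed directly before a 4-byte little-endian int, modelled with a struct because a real compiler chooses the stack layout; `struct frame`, `read_unbounded`, `read_bounded` and `verdict` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the stack frame: a 16-byte array directly followed by
 * the flag i. A real compiler picks the layout; the struct pins it down. */
struct frame {
    char buf[16];
    int  i;
};

/* Unbounded copy, as gets() or strcpy() would do: the length comes from the
 * input, not from sizeof buf. Bytes are written through an unsigned char
 * pointer to the whole struct so the demonstration stays well-defined C. */
static int read_unbounded(const char *input)
{
    struct frame f;
    unsigned char *p = (unsigned char *)&f;
    size_t n = strlen(input) + 1;          /* include the terminating NUL */

    memset(&f, 0, sizeof f);               /* i = 0, as in the post */
    if (n > sizeof f)
        n = sizeof f;                      /* keep the demo inside the model */
    memcpy(p, input, n);                   /* bytes past index 15 land in f.i */
    return f.i;
}

/* Bounded copy: at most sizeof buf - 1 bytes plus a NUL ever reach buf. */
static int read_bounded(const char *input)
{
    struct frame f;

    memset(&f, 0, sizeof f);
    snprintf(f.buf, sizeof f.buf, "%s", input);   /* truncates long input */
    return f.i;
}

static const char *verdict(int i)
{
    return i == 1 ? "You Win" : "You Lose";
}

int main(void)
{
    /* Constructed input: 16 filler bytes fill buf, byte 17 (0x01) spills into i. */
    const char *long_input = "AAAAAAAAAAAAAAAA\x01";

    printf("short, unbounded: %s\n", verdict(read_unbounded("hello")));
    printf("long,  unbounded: %s\n", verdict(read_unbounded(long_input)));
    printf("long,  bounded:   %s\n", verdict(read_bounded(long_input)));
    return 0;
}
```

In real code the same fix means replacing `gets()` or an unbounded `scanf("%s")` with `fgets(buf, sizeof buf, stdin)` or a width-limited format.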

###

*Tested in Ubuntu 10.04 LTS.

*Special thanks to tansy@utar for his interesting Lab 2 material.

*Click here to download the source code: e0.c.pdf.


Author: zkchong

I have been teaching in university for 7 years and am currently a data science engineer at Axiata Digital Advertising, Malaysia.
