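Last semester our school's science and technology association gave a talk on buffer overflows, and afterwards I wrote a program following the example: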
#include <stdio.h>
#include <string.h>
int main(void)
{
    char largebuff[] = "1234512345123451234512345===ABCD";
    char smallbuff[16];
    /* deliberate overflow: largebuff is 33 bytes, smallbuff holds 16 */
    strcpy(smallbuff, largebuff);
    printf(smallbuff);
}
Then I compiled it with GCC. When run, it reported a buffer overflow, but when I later analyzed it with GDB I ran into a problem:
(gdb) r
Starting program: /home/hui/a.out
*** stack smashing detected ***: /home/hui/a.out terminated
1234512345123451234512345===ABCD
Program received signal SIGABRT, Aborted.
0xffffe410 in __kernel_vsyscall ()
(gdb) i reg
eax 0x0 0
ecx 0x1ab1 6833
edx 0x6 6
ebx 0x1ab1 6833
esp 0xbff19ec8 0xbff19ec8
ebp 0xbff19ee0 0xbff19ee0
esi 0xbff19f80 -1074684032
edi 0xb7f54ff4 -1208659980
eip 0xffffe410 0xffffe410 <__kernel_vsyscall+16>
eflags 0x246 [ PF ZF IF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
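At this point EIP should have been 0x44434241, but it isn't.
I then suspected a GCC option was the cause and tried -mpreferred-stack-boundary=4 (16-byte alignment), but that didn't help either. I don't know what the reason is.
Could it be that GCC now has an overflow-protection mechanism? I'd appreciate advice from the experts here.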
[Question] Discussion of a C program
laborer:
Some hints for the original poster:
$ man gcc
......
-fstack-protector
Emit extra code to check for buffer overflows, such as
stack smashing attacks. This is done by adding a guard
variable to functions with vulnerable objects. This
includes functions that call alloca, and functions with
buffers larger than 8 bytes. The guards are initialized
when a function is entered and then checked when the func‐
tion exits. If a guard check fails, an error message is
printed and the program exits.
NOTE: In Ubuntu 6.10 and 7.04 this option is enabled by
default for C, C++, ObjC, ObjC++.
......
$ cat test.c
#include <stdio.h>
#include <string.h>
int main(void) {
    char largebuff[]="1234512345123451234512345===ABCD";
    char smallbuff[16];
    strcpy(smallbuff,largebuff);
    printf("smallbuff=\"%s\"\n", smallbuff);
    printf("largebuff=\"%s\"\n", largebuff);
}
$ gcc -g -fno-stack-protector test.c; ./a.out
smallbuff="1234512345123451234512345===ABCD"
largebuff="234512345===ABCD"
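An added example (not code from either post) that models the guard check described in the man page excerpt and shows why EIP never became 0x44434241: the guard sits between the buffer and the return address and is checked before the function returns. The flat frame layout, GUARD_VALUE and SAVED_RET are constructed assumptions, not the layout or values GCC actually emits.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame as a flat byte array:
   16-byte buffer, then a 4-byte guard, then a 4-byte return address. */
enum { BUF_SZ = 16, GUARD_OFF = 16, RET_OFF = 20, FRAME_SZ = 24 };

#define GUARD_VALUE 0x00C0FFEEu /* constructed; a real guard is random per process */
#define SAVED_RET   0x08048400u /* constructed placeholder return address */

enum result { RETURNED_NORMALLY, SMASH_DETECTED, RETURN_HIJACKED };

static uint32_t load32(const unsigned char *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static void store32(unsigned char *p, uint32_t v) { memcpy(p, &v, 4); }

/* Simulate a function that copies src into its 16-byte buffer without a
   length check. protect != 0 models a build with -fstack-protector. */
enum result call_with_copy(const char *src, int protect)
{
    unsigned char frame[FRAME_SZ];
    size_t n = strlen(src) + 1;               /* strcpy copies the NUL too */

    store32(frame + GUARD_OFF, GUARD_VALUE);  /* prologue: initialise the guard */
    store32(frame + RET_OFF, SAVED_RET);

    if (n > FRAME_SZ) n = FRAME_SZ;           /* keep the simulation itself in bounds */
    memcpy(frame, src, n);                    /* the "strcpy": may run past BUF_SZ */

    /* epilogue: the guard is verified before the return address is used */
    if (protect && load32(frame + GUARD_OFF) != GUARD_VALUE)
        return SMASH_DETECTED;                /* real code calls __stack_chk_fail and aborts */
    return load32(frame + RET_OFF) == SAVED_RET ? RETURNED_NORMALLY : RETURN_HIJACKED;
}

int main(void)
{
    const char *in = "1234512345123451234512345===ABCD"; /* input from the post */
    printf("protected:   %d\n", call_with_copy(in, 1));   /* SMASH_DETECTED */
    printf("unprotected: %d\n", call_with_copy(in, 0));   /* RETURN_HIJACKED */
    printf("short input: %d\n", call_with_copy("hello", 1)); /* RETURNED_NORMALLY */
    return 0;
}
```

In the protected case the overwritten guard is caught first, which corresponds to the "stack smashing detected" abort in the GDB session rather than a jump through the overwritten return address.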