Everything I read leads me to believe that this should cause a stack buffer overflow, but it does not:

#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[]) {
    char password[8];
    int correctPassword = 0;

    printf("Password \n");
    gets(password);

    if(strcmp(password, "password"))
    {
        printf ("Wrong password entered, root privileges not granted... \n");
    }
    else
    {
        correctPassword = 1;
    }

    if(correctPassword)
    {
        printf ("Root privileges given to the user \n");
    }

    return 0;
}

But here is my output:

[screenshot of the program's output for the input testtesttesttesttest]

In this case, testtesttesttesttest is clearly larger than 8 characters, and, according to the source, it should cause a stack buffer overflow, but it does not. Why is this?

  • Because it's undefined behavior, so anything could happen. stackoverflow.com/documentation/c/364/…. Commented Jun 2, 2017 at 4:24
  • How exactly do you expect the stack overflow to manifest? When I run this I get the following output: Wrong password entered, root privileges not granted... *** stack smashing detected ***: ./Overflow terminated Commented Jun 2, 2017 at 4:24
  • What do p &password[8] and p &correctPassword show? Commented Jun 2, 2017 at 4:27
  • @merlin2011: If you compile it without stack protection it has a better chance of working. Commented Jun 2, 2017 at 4:28
  • There is no such thing as 'stack buffer overflow'. There is 'stack overflow', and 'buffer overflow'. Unclear what you're asking. Commented Jun 2, 2017 at 4:36

2 Answers

Reading more bytes than your buffer can contain won't always lead to a run-time error, but it's a very bad and common error (read this article about smashing the stack). As I read from the comments, you added -fno-stack-protector to get the program to not print *** stack smashing detected ***, but that's not a good idea. You should use scanf(" %8s", password) or something similar to limit the dimension of what you read.

4 Comments

A stack buffer overflow is indeed a thing, as opposed to a heap buffer overflow.
@bradgonesurfing I don't get where I'm talking about heap. Can you be more specific?
You criticized the term "stack buffer overflow" for being an incorrect term, claiming it is different from a "buffer overflow". There is nothing wrong with the term "stack buffer overflow". It means precisely a buffer that exists on the stack which has been written to outside its bounds.
@bradgonesurfing I'm so sorry, you're right. I just misread it.
Your code does cause a buffer overflow on the stack, in the sense that you have overwritten the allocated memory for the password buffer. Behold the memory that has been overwritten after you provide the input.

gcc -o Overflow Overflow.c -fno-stack-protector -g

gdb Overflow
(gdb) b 8
Breakpoint 1 at 0x4005cc: file Overflow.c, line 8.
(gdb) b 11
Breakpoint 2 at 0x4005e2: file Overflow.c, line 11.
(gdb) r
Starting program: /home/hq6/Code/SO/C/Overflow

Breakpoint 1, main (argc=1, argv=0x7fffffffde08) at Overflow.c:8
8       printf("Password \n");
(gdb) x/20x password
# Memory before overflow
0x7fffffffdd10: 0xffffde00  0x00007fff  0x00000000  0x00000000
0x7fffffffdd20: 0x00400630  0x00000000  0xf7a2e830  0x00007fff
0x7fffffffdd30: 0x00000000  0x00000000  0xffffde08  0x00007fff
0x7fffffffdd40: 0xf7ffcca0  0x00000001  0x004005b6  0x00000000
0x7fffffffdd50: 0x00000000  0x00000000  0x67fbace7  0x593e0a93
(gdb) c
Continuing.
Password
correctPassword

Breakpoint 2, main (argc=1, argv=0x7fffffffde08) at Overflow.c:11
11      if(strcmp(password, "password"))
(gdb) x/20x password
# Memory after overflow
0x7fffffffdd10: 0x72726f63  0x50746365  0x77737361  0x0064726f
0x7fffffffdd20: 0x00400630  0x00000000  0xf7a2e830  0x00007fff
0x7fffffffdd30: 0x00000000  0x00000000  0xffffde08  0x00007fff
0x7fffffffdd40: 0xf7ffcca0  0x00000001  0x004005b6  0x00000000
0x7fffffffdd50: 0x00000000  0x00000000  0x67fbace7  0x593e0a93

Whether or not a buffer overflow has undesirable side effects is undefined behavior.
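As an added example (not code from the question or either answer), here is what the fix both answers point at looks like in full: a bounded replacement for gets() that never writes past the array and rejects an over-long line instead of silently truncating it. The function names, the return codes and the constructed sample inputs are hypothetical; tmpfile() only stands in for stdin so the reader can be exercised in-process.

```c
#include <stdio.h>
#include <string.h>
enum read_result { READ_OK = 0, READ_TOO_LONG = 1, READ_EOF = 2 };

/* Bounded replacement for gets(): reads one line from 'in' into buf (cap
 * bytes, terminator included). Nothing is ever written past buf[cap - 1];
 * an over-long line is consumed and rejected rather than truncated, so a
 * prefix of bad input can never be mistaken for a complete password. */
enum read_result read_line_bounded(char *buf, size_t cap, FILE *in)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL) {
        if (cap) buf[0] = '\0';
        return READ_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return READ_OK;
    }
    /* No newline seen: the line filled the buffer exactly, or it is longer.
     * Peek one byte to tell the two cases apart. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return READ_OK;
    while (c != EOF && c != '\n')   /* discard the rest of the long line */
        c = fgetc(in);
    buf[0] = '\0';
    return READ_TOO_LONG;
}

/* 1 if 'input' is exactly the expected password, else 0. */
int check_password(const char *input)
{
    return strcmp(input, "password") == 0;
}

/* Feeds a constructed input line through the bounded reader and returns
 * 1 (granted), 0 (denied) or -1 (input rejected or unavailable). */
int authenticate_from_string(const char *line)
{
    char password[9];  /* 8 characters plus the terminator, as scanf("%8s") also needs */
    FILE *in = tmpfile();        /* ISO C stand-in for stdin in a test */
    if (!in) return -1;
    fputs(line, in);
    rewind(in);
    enum read_result r = read_line_bounded(password, sizeof password, in);
    fclose(in);
    return r == READ_OK ? check_password(password) : -1;
}
```

With this reader the question's 20-character input is reported as rejected instead of being written over whatever happens to sit next to password on the stack.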
