Consider the following C code:
The danger is caused by using gets(). If the user input a string that is longer than 15, you will see the problem:
NOTE: you can compile this code by gcc -o bo bo.c
and execute it by : ./bo
GCC gives a warning, I can ignore it, and I will pay the price.
The danger is caused by using gets(). If the user input a string that is longer than 15, you will see the problem:
NOTE: you can compile this code by gcc -o bo bo.c
and execute it by : ./bo
GCC gives a warning, I can ignore it, and I will pay the price.
Here are the execution examples:
What it supposed to do:
This is why BUFFEROVERFLOW is dangerous, when the input is large enough that overwrites the variable passed.
This is what happen when the input is too large that it overwrite outside the stack:
use fgets() instead of gets()
No comments:
Post a Comment