Category: Overflow
Definitions:

Buffer Overflow - Writing past the end of a fixed-size array. Here it happens because the program uses gets(), which reads all available input into the array without checking its bounds.
Bounds Checking - gets() does no bounds checking on the buffer; it has no way of knowing how large the buffer is.

What You Should Not Do

Do not use gets() to read data. This can cause indeterminate program behavior (usually leading to a segfault), or let an attacker hijack the program's flow.

```c
#include <stdio.h>
#include <string.h>

int main(void)
{
    char buffer[16];
    int pass = 0;

    printf("\n Enter the password : \n");

    /* gets() has no size argument: it keeps writing past buffer[15]
     * if the line is longer than 15 characters. */
    if (gets(buffer) != NULL) {
        if (strcmp(buffer, "thegeekstuff")) {
            printf("\n Wrong Password \n");
        } else {
            printf("\n Correct Password \n");
            pass = 1;
        }

        if (pass) {
            /* Admin rights given to the user */
            printf("\n You are root \n");
        }
    }
    return 0;
}
```

Here gets() does no bounds checking on the buffer. This leads to the user gaining admin rights even if the password entered is wrong. For example, the user enters the following string as the password:

pppppppppppppppppppp

The output is going to be as follows:

Wrong Password
You are root

What You Should Do

Use fgets(), which is a buffer-safe function: it takes the buffer size as an argument, reads at most sizeof(buffer) - 1 characters, and always NUL-terminates the result.

fgets(buffer, sizeof(buffer), stdin);

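The password check above rewritten around fgets(), as an added example that is not the page's own code. It also handles two things the one-line fgets() call alone does not show: fgets() keeps the trailing newline (so strcmp() would fail on a correct password unless it is stripped), and a line longer than the buffer is silently cut off, so the remainder is drained and the input rejected rather than compared on its prefix. The helper names read_line(), check_password() and check_password_str() are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16   /* same 16-byte buffer as the vulnerable version */

/* Read one line of at most BUF_LEN-1 characters from `in` into `buffer`.
 * Returns 0 on success, -1 on EOF/error before any input, and -2 if the
 * line was longer than the buffer. In the -2 case the rest of the line is
 * consumed so it cannot spill into a later read. (Hypothetical helper.) */
static int read_line(char *buffer, size_t len, FILE *in)
{
    if (fgets(buffer, (int)len, in) == NULL)
        return -1;

    size_t n = strlen(buffer);
    if (n > 0 && buffer[n - 1] == '\n') {
        buffer[n - 1] = '\0';       /* strip the newline fgets() keeps */
        return 0;
    }

    /* No newline in the buffer: either the line was too long, or EOF
     * arrived without one. Drain to end of line to tell the two apart. */
    int c;
    int truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated ? -2 : 0;
}

/* Returns 1 if the line read from `in` equals `expected`, 0 otherwise.
 * An over-long line is rejected outright; nothing is ever written past
 * buffer[BUF_LEN-1], so there is no adjacent variable to clobber. */
int check_password(FILE *in, const char *expected)
{
    char buffer[BUF_LEN];
    if (read_line(buffer, sizeof buffer, in) != 0)
        return 0;
    return strcmp(buffer, expected) == 0;
}

/* Convenience wrapper for testing: feed a constructed input string
 * through a temporary file so check_password() sees it as a stream. */
int check_password_str(const char *input, const char *expected)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(input, f);
    rewind(f);
    int ok = check_password(f, expected);
    fclose(f);
    return ok;
}

int main(void)
{
    printf("\n Enter the password : \n");
    if (check_password(stdin, "thegeekstuff")) {
        printf("\n Correct Password \n");
        /* Admin rights given to the user */
        printf("\n You are root \n");
    } else {
        printf("\n Wrong Password \n");
    }
    return 0;
}
```

With this version the 20-character input from the section above produces "Wrong Password" only: fgets() stops after 15 characters, read_line() notices the missing newline and drains the rest, and the privilege flag is never reached because the decision is made from the return value of check_password() rather than from a variable that sits next to the buffer on the stack.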
Concept Map

This example refers to point C (Do not use input or constructor string functions that do not perform in such a way that it can happen) and point D (Do not use input or constructor functions that cannot check the length of the input). This maps to Bad Code and Input in the concept map.