I've created a file which prints Hello, world as many times as the user wants to give input.
#include <stdio.h>
#include <string.h>

int main() {
    char message[10];
    int count, i;

    strcpy(message, "Hello, world!");
    printf("Repeat how many times? ");
    scanf("%d", &count);
    for(i=0; i < count; i++)
        printf("%3d - %s\n", i, message);
}
No matter what the number entered it always results in a "stack smash". Here is the program, can anyone come up with a conclusion to why it is doing this? Here is the "traceback" that occurs after the stack smash is detected:
sean@blue:~/programming$ ./a.out
Repeat how many times? 12
0 - Hello, world!
1 - Hello, world!
2 - Hello, world!
3 - Hello, world!
4 - Hello, world!
5 - Hello, world!
6 - Hello, world!
7 - Hello, world!
8 - Hello, world!
9 - Hello, world!
10 - Hello, world!
11 - Hello, world!
*** stack smashing detected ***: ./a.out terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x45)[0x1f8c75]
/lib/i386-linux-gnu/libc.so.6(+0xe8c27)[0x1f8c27]
./a.out[0x8048524]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0x129113]
./a.out[0x80483f1]
======= Memory map: ========
00110000-00288000 r-xp 00000000 08:01 1577912 /lib/i386-linux-gnu/libc-2.13.so
00288000-0028a000 r--p 00178000 08:01 1577912 /lib/i386-linux-gnu/libc-2.13.so
0028a000-0028b000 rw-p 0017a000 08:01 1577912 /lib/i386-linux-gnu/libc-2.13.so
0028b000-0028e000 rw-p 00000000 00:00 0
0036b000-0036c000 r-xp 00000000 00:00 0 [vdso]
00454000-00470000 r-xp 00000000 08:01 1573818 /lib/i386-linux-gnu/libgcc_s.so.1
00470000-00471000 r--p 0001b000 08:01 1573818 /lib/i386-linux-gnu/libgcc_s.so.1
00471000-00472000 rw-p 0001c000 08:01 1573818 /lib/i386-linux-gnu/libgcc_s.so.1
00e7e000-00e9c000 r-xp 00000000 08:01 1573924 /lib/i386-linux-gnu/ld-2.13.so
00e9c000-00e9d000 r--p 0001d000 08:01 1573924 /lib/i386-linux-gnu/ld-2.13.so
00e9d000-00e9e000 rw-p 0001e000 08:01 1573924 /lib/i386-linux-gnu/ld-2.13.so
08048000-08049000 r-xp 00000000 00:14 3801591 /home/sean/programming/a.out
08049000-0804a000 r--p 00000000 00:14 3801591 /home/sean/programming/a.out
0804a000-0804b000 rw-p 00001000 00:14 3801591 /home/sean/programming/a.out
08a9e000-08abf000 rw-p 00000000 00:00 0 [heap]
b77e8000-b77e9000 rw-p 00000000 00:00 0
b77fc000-b7800000 rw-p 00000000 00:00 0
bff87000-bffa8000 rw-p 00000000 00:00 0 [stack]
Aborted
Usually, the compiler generates the stack smashing detected error in response to its defense mechanism against buffer overflows. A buffer overflow occurs when the user input exceeds the buffer capacity. The following C code can cause the buffer to overflow if the user enters more than ten characters.
An input string of size greater than 10 causes corruption of this variable resulting in SIGABRT to terminate the program. To get some insight, you can try disabling this protection of gcc using option -fno-stack-protector while compiling.
Stack smashing is a form of vulnerability where the stack of a computer application or OS is forced to overflow. This may lead to subverting the program/system and crashing it. A stack, a first-in last-out circuit, is a form of buffer holding intermediate results of operations within it.
Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call alloca, and functions with buffers larger than 8 bytes.
Because "Hello, world!" is more than 10 characters...
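An added example, not part of the original question or answers, showing the fix this answer implies: "Hello, world!" needs 14 bytes including the terminating NUL, so the strcpy into char message[10] writes past the buffer and corrupts the stack guard. The helper names bytes_needed, copy_checked and repeat_message are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Bytes needed to store s, including the terminating NUL. */
size_t bytes_needed(const char *s) {
    return strlen(s) + 1;
}

/* Hypothetical helper: copy src into dst only if it fits completely.
 * Returns 0 on success, -1 if src plus its NUL exceeds dstsize; on
 * failure dst is left as an empty string instead of being overflowed. */
int copy_checked(char *dst, size_t dstsize, const char *src) {
    if (dstsize == 0)
        return -1;
    if (bytes_needed(src) > dstsize) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, bytes_needed(src));
    return 0;
}

/* Print msg count times; returns the number of lines printed. */
int repeat_message(const char *msg, int count) {
    int i;
    for (i = 0; i < count; i++)
        printf("%3d - %s\n", i, msg);
    return count > 0 ? count : 0;
}

int main(void) {
    char small[10];                        /* the size used in the question */
    char message[sizeof "Hello, world!"];  /* 14 bytes: sized by the literal */
    int count = 0;

    /* The question's buffer is rejected instead of smashed. */
    if (copy_checked(small, sizeof small, "Hello, world!") != 0)
        fprintf(stderr, "needs %zu bytes, buffer has %zu\n",
                bytes_needed("Hello, world!"), sizeof small);

    if (copy_checked(message, sizeof message, "Hello, world!") != 0)
        return 1;
    printf("Repeat how many times? ");
    if (scanf("%d", &count) != 1)          /* reject non-numeric input */
        return 1;
    repeat_message(message, count);
    return 0;
}
```

Sizing the array with sizeof on the string literal keeps the buffer and the message in step if the text is later changed.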