The Art of Compiler on Buffer Overflow

The modern GCC compiler is so powerful that it can even prevent buffer overflows at compile time, so that the OS cannot run code in stack space.

For example:

#include <string.h>

void function(char *str)
{
    char buffer[16];

    /* Deliberately overflows: copies up to 256 bytes into a 16-byte buffer. */
    strncpy(buffer, str, 256);
}

int main(void)
{
    char large_string[256];
    int i;

    /* Fill the input with 'A' (0x41) so the overwritten return address reads 0x41414141. */
    for (i = 0; i < 256; i++)
        large_string[i] = 'A';

    function(large_string);
    return 0;
}

The only way I can get the magic 0x41414141 is to set GCC compile parameters like this:

gcc -fno-stack-protector -z execstack stackoverflow.c -o stackoverflow

(I tested it on ubuntu 10.04 x86 lucid 32bits box)

Is there any way I can bypass the GCC stack smashing protection?

Asked by JustForTest, Oct 23 '12 06:10


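The canary check the question is fighting fires because strncpy is told the size of the source (256) rather than the size of the destination (16). The following is an added example, not code from the question: the same 16-byte buffer with the copy bounded by the destination size, so the 256-byte 'A' string is truncated to 15 characters plus a terminator instead of overwriting the saved return address. The names bounded_copy, function_safe and demo_truncation are assumptions introduced here.

```c
/* Added example (not the question's code): hardened counterpart of the
 * question's function(). The original passes 256 to strncpy for a 16-byte
 * buffer, so 240 bytes land past the end of `buffer`; the stack
 * protector's canary is what detects that at function return. Here the
 * bound comes from the destination, so there is nothing for the canary
 * to catch. */
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 16

/* Copies at most dst_size-1 bytes of `src` into `dst` and always
 * NUL-terminates. Returns the number of bytes kept, so the caller can
 * see that input was truncated instead of silently losing data. */
size_t bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0)
        return 0;
    if (n >= dst_size)
        n = dst_size - 1;      /* leave room for the terminator */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Same shape as the question's function(), but the bound is sizeof buffer,
 * taken from the destination, never from the caller's input length. */
size_t function_safe(const char *str)
{
    char buffer[BUF_SIZE];
    return bounded_copy(buffer, sizeof buffer, str);
}

/* Builds the question's 'A'-filled 256-byte input (NUL-terminated here so
 * strlen is defined) and reports how many bytes the safe copy keeps. */
size_t demo_truncation(void)
{
    char large_string[256];
    memset(large_string, 'A', sizeof large_string - 1);
    large_string[sizeof large_string - 1] = '\0';
    return function_safe(large_string);   /* 15: BUF_SIZE - 1 */
}

int main(void)
{
    /* Exit status 0 when the oversized input was truncated as intended. */
    return demo_truncation() == BUF_SIZE - 1 ? 0 : 1;
}
```

Compiled with the default -fstack-protector settings, this version runs to completion where the original aborts with "stack smashing detected"; the return value lets callers detect truncation rather than rely on the canary as a last line of defence.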

2 Answers

You should disable the stack protection when compiling:

gcc -fno-stack-protector -z execstack stackoverflow.c -o stackoverflow

And you may want to also disable address space randomization (ASLR):

sudo sh -c 'echo 0 > /proc/sys/kernel/randomize_va_space'

Now you can try the buffer overflows. I recommend reading Smashing the Stack for Fun and Profit.

Edit:

Like I said in my comment, it's safe to assume that it's acceptable in your assignment to disable the stack protection. However, if you want to bypass the stack protection, you should check SO for questions related to canaries, like this question:

Is there any way to bypass SSP (StackSmashing Protection)/Propolice?

Answered by iabdalkader, Sep 29 '22 09:09

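The answer above switches off three separate mitigations: the stack protector (-fno-stack-protector), the non-executable stack (-z execstack) and system-wide ASLR (randomize_va_space). The script below is an added example, not part of the answer, for checking whether a built binary and the host still have them. It assumes the GNU binutils tools readelf and nm are installed; the sample readelf and nm lines used to exercise the parsing functions are constructed here, and the function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the answer): audit the three mitigations the
# answer disables. The parsing functions read tool output on stdin so they
# can be exercised on sample text as well as on a real binary.

# Returns 0 when the GNU_STACK program header (from `readelf -lW <bin>`)
# carries the execute flag (RWE), i.e. the binary was linked -z execstack.
gnu_stack_executable() {
    grep 'GNU_STACK' | grep -q 'RWE'
}

# Returns 0 when the dynamic symbol table (from `nm -D <bin>`) references
# __stack_chk_fail, the failure handler -fstack-protector calls when the
# canary has been overwritten. Its absence means no function in the
# binary was instrumented (or the compiler found nothing to protect).
has_stack_protector() {
    grep -q '__stack_chk_fail'
}

# Translates a /proc/sys/kernel/randomize_va_space value into words.
aslr_describe() {
    case "$1" in
        0) echo "off" ;;
        1) echo "on (stack, mmap, shared libraries)" ;;
        2) echo "on (stack, mmap, shared libraries, brk heap)" ;;
        *) echo "unknown value '$1'" ;;
    esac
}

# Reports both binary-level mitigations for one ELF file.
audit_binary() {
    bin=$1
    if readelf -lW "$bin" | gnu_stack_executable; then
        echo "$bin: stack is EXECUTABLE (linked with -z execstack)"
    else
        echo "$bin: stack is non-executable"
    fi
    if nm -D "$bin" 2>/dev/null | has_stack_protector; then
        echo "$bin: stack protector present (__stack_chk_fail referenced)"
    else
        echo "$bin: NO stack protector reference (built with -fno-stack-protector?)"
    fi
}

# Usage: ./audit.sh <binary>...   (runs only when binaries are given)
if [ "$#" -gt 0 ]; then
    for bin in "$@"; do
        audit_binary "$bin"
    done
    if [ -r /proc/sys/kernel/randomize_va_space ]; then
        echo "ASLR: $(aslr_describe "$(cat /proc/sys/kernel/randomize_va_space)")"
    fi
fi
```

Run against the binary built with the flags in the answer, the script reports an executable stack and no __stack_chk_fail reference; the same source built with plain gcc on a modern distribution reports the opposite, which is a quick way to confirm an assignment binary is the deliberately weakened one and a production binary is not.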

There are certainly ways to circumvent the stack smashing protection (called stack canaries) although it won't be easy in your example. See my answer here for some of the weaknesses of stack canaries.

Answered by mtvec, Sep 29 '22 08:09