![]() |
![]() |
int main(int argc, char* argv[ ])
{
char a[256];
gets( a );
printf("a=%s\n", a);
printf("&a=0x%x\n", &a);
}
[root@rh72 bufferOverflow]# ./boaddr
GETS
&a=0xbfffef50
strcpy(record, user);
strcat(record, “:”);
strcat(record, cpw);
strncpy(record, user, MAX_STRING_LEN-1);
strcat(record, “:”);
strncat(record, cpw, MAX_STRING_LEN-1);
Hint: Please read the smashing.doc for detailed steps in using gdb to understand the smashing stack problems. http://cs.uccs.edu/~cs591/bufferOverflow/smashing.doc
Note that internal rh72 and fc4 virtual machines were created for you inside viva.uccs.edu. In case rh72.csnet.uccs.edu and fc4.csnet.uccs.edu crashes. You can first login to viva.uccs.edu and then use "ssh -l <login> rh72int" or "ssh -l <login> fc4int" to login. Here <login> is your CS Unix machine login. The password is your SID (no dash).