Investigation into the use of gets() in buffer overflow attacks |
|
Overview: During a home work assignment, we discovered that gets() cannot be exploited in a manner similar to using strcpy(). At first glance, it would appear that both C utilities should be equally vulnerable to a buffer overflow attack via stdin, since both use a buffer to store input and both accept input from stdin,. However, we determined that gets() does not respond to malformed input from stdin, but can be exploited if a file holding malformed input is redirected to gets(). This project has three goals:
|
|
References: |
|
Link to the actual paper: As the project progresses, a link will be placed to it here. |
|
Author: Frank Gearhart Presented as partial fulfillment of the course requirements for Fall 2005 CS591; University of Colorado at Colorado Springs, Colorado |