Simple examples of exploitable/nonexploitable buffer overflows

Posted 02 October 2012 - 04:45 AM

Hello, I'm trying to find examples of simple exploitable/nonexploitable buffer overflows. Does anyone have one?

For example, would this be an exploitable buffer overflow?

Char destination[5];
char *source = "LARGER";
strcopy(destination, source);

Is This A Good Question/Topic? 0

Replies To: Simple examples of exploitable/nonexploitable buffer overflows

#2 Salem_c

void main'ers are DOOMED

Reputation: 1418

Posts: 2,681
Joined: 30-May 10

Re: Simple examples of exploitable/nonexploitable buffer overflows

Posted 02 October 2012 - 06:12 AM

> Hello, I'm trying to find examples of simple exploitable/nonexploitable buffer overflows
If there is any buffer overflow, then the program is screwed anyway. So can there be any case which is "non-exploitable"?

I mean, you may not be able to run arbitrary code with a carefully crafted buffer, but causing it to crash counts as denial of service.

Further, any example would be highly specific to a given implementation, and likely to be patched before most people are aware that it even existed.

Was This Post Helpful? 0

#3 baavgai

Dreaming Coder

Reputation: 4884

Posts: 11,280
Joined: 16-October 07

Re: Simple examples of exploitable/nonexploitable buffer overflows

Posted 02 October 2012 - 06:40 AM

Yes. You crash.

To exploit an overrun, you generally want to be the one writing data into the buffer. There is then a chance you can make the program continue executing somewhere not intended.

However, all scenarios require a compiled program to abuse. All you've shown is potential for abuse.

Was This Post Helpful? 0