mnunberg · April 6, 2012 21:57
diff --git a/gistfile1.c b/gistfile1.c
 /**
 $ gcc -Wall bufcpy.c -o bufcpy -O2 && ./bufcpy
 GCCs __bos (For stack): 0x1
 GCCs __bos (For heap): 0xffffffffffffffff
 *** buffer overflow detected ***: ./bufcpy terminated
  ======= Backtrace: =========
 /lib/libc.so.6(__fortify_fail+0x37)[0x7f04254cb667]
 /lib/libc.so.6(+0xe2520)[0x7f04254ca520]
 ./bufcpy[0x400617]
 /lib/libc.so.6(__libc_start_main+0xfd)[0x7f0425406c4d]
 ./bufcpy[0x4004f9]
 ======= Memory map: ========
 00400000-00401000 r-xp 00000000 fd:15 41004                              /tmp/c/bufcpy
 00600000-00601000 rw-p 00000000 fd:15 41004                              /tmp/c/bufcpy
 02167000-02188000 rw-p 00000000 00:00 0                                  [heap]
 7f04251d2000-7f04251e8000 r-xp 00000000 fd:00 73802                      /lib/libgcc_s.so.1
 7f04251e8000-7f04253e7000 ---p 00016000 fd:00 73802                      /lib/libgcc_s.so.1
 7f04253e7000-7f04253e8000 rw-p 00015000 fd:00 73802                      /lib/libgcc_s.so.1
 7f04253e8000-7f0425540000 r-xp 00000000 fd:00 74202                      /lib/libc-2.11.2.so
 7f0425540000-7f042573f000 ---p 00158000 fd:00 74202                      /lib/libc-2.11.2.so
 7f042573f000-7f0425743000 r--p 00157000 fd:00 74202                      /lib/libc-2.11.2.so
 7f0425743000-7f0425744000 rw-p 0015b000 fd:00 74202                      /lib/libc-2.11.2.so
 7f0425744000-7f0425749000 rw-p 00000000 00:00 0
 7f0425749000-7f0425767000 r-xp 00000000 fd:00 74214                      /lib/ld-2.11.2.so
 7f0425928000-7f042592b000 rw-p 00000000 00:00 0
 7f0425963000-7f0425966000 rw-p 00000000 00:00 0
 7f0425966000-7f0425967000 r--p 0001d000 fd:00 74214                      /lib/ld-2.11.2.so
 7f0425967000-7f0425968000 rw-p 0001e000 fd:00 74214                      /lib/ld-2.11.2.so
 7f0425968000-7f0425969000 rw-p 00000000 00:00 0
 7fffd0f3f000-7fffd0f60000 rw-p 00000000 00:00 0                          [stack]
 7fffd0ff0000-7fffd0ff1000 r-xp 00000000 00:00 0                          [vdso]
 ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
 Aborted
 */

 #define _FORTIFY_SOURCE 2
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>

 struct sasl {
    const char *name;
    union {
        struct {
            unsigned long len;
            unsigned char data[1];
        } secret;
        char buffer[256];
    } password;
    void *callbacks[4];
 };

 #define STACK_MKSASL struct sasl sasl_stack;
 #define STACK_SASL (&sasl_stack)

 #define HEAP_MKSASL  struct sasl *sasl_heap = malloc(sizeof(*sasl_heap))
 #define HEAP_SASL sasl_heap

 int main(void)
 {
    STACK_MKSASL;
    HEAP_MKSASL;
    const char *str = "secret";
    printf("GCCs __bos (For stack): 0x%lx\n", __bos(STACK_SASL->password.secret.data));
    printf("GCCs __bos (For heap): 0x%lx\n", __bos(HEAP_SASL->password.secret.data));
    strcpy((char*)STACK_SASL->password.secret.data, str);
    strcpy((char*)HEAP_SASL->password.secret.data, str);
    return 0;
 }
	/**
	$ gcc -Wall bufcpy.c -o bufcpy -O2 && ./bufcpy
	GCCs __bos (For stack): 0x1
	GCCs __bos (For heap): 0xffffffffffffffff
	* buffer overflow detected *: ./bufcpy terminated
	======= Backtrace: =========
	/lib/libc.so.6(__fortify_fail+0x37)[0x7f04254cb667]
	/lib/libc.so.6(+0xe2520)[0x7f04254ca520]
	./bufcpy[0x400617]
	/lib/libc.so.6(__libc_start_main+0xfd)[0x7f0425406c4d]
	./bufcpy[0x4004f9]
	======= Memory map: ========
	00400000-00401000 r-xp 00000000 fd:15 41004 /tmp/c/bufcpy
	00600000-00601000 rw-p 00000000 fd:15 41004 /tmp/c/bufcpy
	02167000-02188000 rw-p 00000000 00:00 0 [heap]
	7f04251d2000-7f04251e8000 r-xp 00000000 fd:00 73802 /lib/libgcc_s.so.1
	7f04251e8000-7f04253e7000 ---p 00016000 fd:00 73802 /lib/libgcc_s.so.1
	7f04253e7000-7f04253e8000 rw-p 00015000 fd:00 73802 /lib/libgcc_s.so.1
	7f04253e8000-7f0425540000 r-xp 00000000 fd:00 74202 /lib/libc-2.11.2.so
	7f0425540000-7f042573f000 ---p 00158000 fd:00 74202 /lib/libc-2.11.2.so
	7f042573f000-7f0425743000 r--p 00157000 fd:00 74202 /lib/libc-2.11.2.so
	7f0425743000-7f0425744000 rw-p 0015b000 fd:00 74202 /lib/libc-2.11.2.so
	7f0425744000-7f0425749000 rw-p 00000000 00:00 0
	7f0425749000-7f0425767000 r-xp 00000000 fd:00 74214 /lib/ld-2.11.2.so
	7f0425928000-7f042592b000 rw-p 00000000 00:00 0
	7f0425963000-7f0425966000 rw-p 00000000 00:00 0
	7f0425966000-7f0425967000 r--p 0001d000 fd:00 74214 /lib/ld-2.11.2.so
	7f0425967000-7f0425968000 rw-p 0001e000 fd:00 74214 /lib/ld-2.11.2.so
	7f0425968000-7f0425969000 rw-p 00000000 00:00 0
	7fffd0f3f000-7fffd0f60000 rw-p 00000000 00:00 0 [stack]
	7fffd0ff0000-7fffd0ff1000 r-xp 00000000 00:00 0 [vdso]
	ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
	Aborted
	*/

	#define _FORTIFY_SOURCE 2
	#include <stdio.h>
	#include <string.h>
	#include <stdlib.h>

	struct sasl {
	const char *name;
	union {
	struct {
	unsigned long len;
	unsigned char data[1];
	} secret;
	char buffer[256];
	} password;
	void *callbacks[4];
	};

	#define STACK_MKSASL struct sasl sasl_stack;
	#define STACK_SASL (&sasl_stack)

	#define HEAP_MKSASL struct sasl sasl_heap = malloc(sizeof(sasl_heap))
	#define HEAP_SASL sasl_heap

	int main(void)
	{
	STACK_MKSASL;
	HEAP_MKSASL;
	const char *str = "secret";
	printf("GCCs __bos (For stack): 0x%lx\n", __bos(STACK_SASL->password.secret.data));
	printf("GCCs __bos (For heap): 0x%lx\n", __bos(HEAP_SASL->password.secret.data));
	strcpy((char*)STACK_SASL->password.secret.data, str);
	strcpy((char*)HEAP_SASL->password.secret.data, str);
	return 0;
	}