C Demonstration of Buffer Overflow
| /** | |
| * This Program Only Works in DOS-BOX on Turbo C++ Compiler | |
| * To Get DOS-BOX emulator with Turbo C : https://www.google.com/search?q=turbo+C | |
| * | |
| * @author Tomrock D'souza, St. Francis Institute Of Technology, University of Mumbai, 2017 | |
| * Email: [email protected] | |
| * No reproduction in whole or part without maintaining this notice | |
| */ | |
| #include<stdio.h> | |
| #include<conio.h> | |
| #include<string.h> | |
| // Demonstration: an unbounded gets() into an 8-byte stack buffer overwrites a | |
| // nearby byte that the program uses as its login retry counter. | |
| void main() | |
| { | |
| int i; | |
| char u[8], p[8], *a; | |
| // "a" is pointed at u[9], which is two bytes past the last valid element u[7]. | |
| // Standard C does not define this access; what actually lives at that address | |
| // depends on the compiler's stack layout (the file header targets Turbo C++ in DOSBox). | |
| a = &u[9]; | |
| // The byte "a" points to holds the number of attempts allowed for a wrong | |
| // user name / password combination. | |
| *a = 3; | |
| printf("User:"); | |
| gets(u); | |
| // gets() has no length limit and appends a terminating '\0' after the input. | |
| // A user name of 10 or more characters puts the 10th character's code into u[9], | |
| // so the attempt limit becomes e.g. 65 for 'A' instead of 3. | |
| // A user name of exactly 9 characters puts the '\0' into u[9], so the limit | |
| // becomes 0 and the loop below never runs. | |
| // Defence: read with a bounded call such as fgets(u, sizeof u, stdin) and keep the | |
| // counter in its own variable, never at an address derived from the input buffer. | |
| for (i = 0; i < (*a); i++) { | |
| printf("pass:"); | |
| // Same unbounded read: "password" is 8 characters plus '\0', i.e. 9 bytes, so even | |
| // the correct password writes one byte past the end of the 8-byte buffer p. | |
| gets(p); | |
| // strcmp() returns non-zero when the strings differ, so this branch is the wrong-password path. | |
| if (strcmp(p, "password")) { | |
| // The limit is re-read from *a here, so an overwritten counter also changes this message. | |
| printf("Attempts remaining= %d\n", (*a) - i - 1); | |
| } | |
| else { | |
| printf("Password Matched"); | |
| break; | |
| } | |
| } | |
| // getch() (conio.h) waits for a key press before the program exits. | |
| getch(); | |
| } |