user1710304

Reputation: 131

Could you explain this bit of code?

So I've been reading about buffer overflows and Aleph One's article on stack smashing. I think I understand everything, except for this little bit in his exploit code:

/* fragment of Aleph One's exploit; the article declares these earlier as
   char *buff, *ptr; long *addr_ptr, addr; int i, bsize; */
ptr = buff;
addr_ptr = (long *) ptr;              /* view the char buffer as an array of longs */
for (i = 0; i < bsize; i += 4)        /* one 4-byte word per pass */
   *(addr_ptr++) = addr;              /* store addr, then advance one long */

buff and ptr are char arrays. addr holds a stack pointer that points to a place in memory at the start of the stack. bsize is the size of buff. What is it doing? Why is he saying i+=4? What is he setting addr_ptr equal to, and why? When I try to print it out I just get NULL.

Here's the link to the article: http://insecure.org/stf/smashstack.html

Thanks.

Upvotes: 4

Views: 183

Answers (1)

blearn

Reputation: 1208

He is moving by 4 bytes each time to progress one word (8 bits * 4 bytes = 32 bit word). Note that he comments about his guess and test method in the paragraph following your code example.

He is shooting in the dark, attempting to overflow the buffer. addr_ptr is being set to the address of ptr, then is being pushed along the buffer within the for loop.

Upvotes: 3
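As an added example, not code from the question or from Aleph One's article: a portable version of that fill loop that steps by sizeof(long) instead of a hard-coded 4, verifies the buffer word by word, and computes how many bytes the original loop writes on a 32-bit build versus an LP64 build (where each store is 8 bytes, so the loop itself overruns buff).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same effect as `*(addr_ptr++) = addr` stepping by 4, but the step is
   sizeof(long) and the loop stops before the end of buff. Returns the
   number of whole words written. */
size_t fill_words(char *buff, size_t bsize, long addr)
{
    char *ptr = buff;
    size_t i, words = 0;
    for (i = 0; i + sizeof(long) <= bsize; i += sizeof(long)) {
        memcpy(ptr, &addr, sizeof addr); /* memcpy avoids alignment traps */
        ptr += sizeof addr;
        words++;
    }
    return words;
}

/* Bytes the original loop (i += 4, storing a long each pass) writes:
   bsize on a 32-bit target, 2 * bsize on LP64 (it overruns buff itself). */
size_t original_loop_bytes(size_t bsize)
{
    return ((bsize + 3) / 4) * sizeof(long);
}

/* Allocate bsize bytes, fill them, then verify every word slot equals addr.
   Returns the word count on success, -1 if any slot differs. */
long fill_and_verify(size_t bsize, long addr)
{
    char *buff = malloc(bsize);
    long v, result;
    size_t i;
    if (buff == NULL) return -1;
    result = (long)fill_words(buff, bsize, addr);
    for (i = 0; i + sizeof(long) <= bsize; i += sizeof(long)) {
        memcpy(&v, buff + i, sizeof v);
        if (v != addr) result = -1;
    }
    free(buff);
    return result;
}

int main(void)
{
    long addr = 0x41414141L;     /* constructed sample value, not a real address */
    printf("words written and verified: %ld\n", fill_and_verify(64, addr));
    printf("original loop would write %zu bytes into a 64-byte buffer\n",
           original_loop_bytes(64));
    return 0;
}
```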
