Socket program seg faulted: *** stack smashing detected ***

Question

So I have a person that I allowed to test out my Socket program and they got it to segfault with the message:

*** stack smashing detected ***: ./myProgram terminated

Which as I understand it, is a gcc compiler feature that detects when the stack gets unstable and kills the program. The problem is not the stack smashing, but the way that it happened. Apparently my program is vulnerable to remote code execution. He was connected via telnet.

I believe he used telnet to cause my socket program to segfault. What I don't know is how he did it and how to prevent it. My socket program is handling the buffering with a 1024 byte long char[]. And even if I tried with a 5 byte buffer and the message get's split up when it's over 5 bytes in that case.

So in summation I'm wondering if anyone knows how to "inject code" via telnet or some other method when the socket being connected to is custom written. And also how to prevent it from happening.

Edit:

Here's my source code: https://github.com/theMonster/ModularServer

Daniel Pryden · Accepted Answer

In Chatroom::recievedCommand you several times allocate buffers on the stack as char tmp[1024]; and then write text into them using sprintf, with no guarantee that the data written will be less than 1024 bytes.

This is pretty much the canonical example of a buffer overrun. OWASP has a whole page explaining the dangers here, and there's also lots of existing questions about this sort of thing on Stack Overflow. A quick search turned up understanding the dangers of sprintf(…) which is probably useful as well.

Socket program seg faulted: * stack smashing detected *

Edit:

Answers (2)

Related Questions