BlackPearl

Reputation: 95

Buffer-Overflow in simple C program

I wrote a C program which checks if a certain password is entered and returns a file called Secret when the password is correct (at least that's what it is supposed to do). During testing I found that it is not behaving as intended when entering exactly 15 times the number 1 (111111111111111) as input: the file Secret is shown even though this is not the password stored in the file.

I added the sanitize method which removes all non-alphabetic characters but apparently that did not fix it.

I do not really understand why I get an Overflow and which variable(s) (and their memory) are affected.

Upvotes: 0

Views: 201

Answers (1)

Amadeus

Reputation: 10675

Strings in C must have the last char as being '\0' (null terminator). This means that, when you do an allocation like this:

char pass[15];

you are indeed allocating 14 characters and 1 for the null terminator.

strcpy works based on this. If your string does not have a terminator you will get a buffer overflow.

Looking at the password of 15 1's, it becomes clear that you are not leaving space to put a null terminator.

To avoid that, start using the strncpy function and its family.

Upvotes: 1
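The off-by-one described in the answer above, as an added example (not code from the question or the answer): it counts the bytes strcpy needs for the 15-character input, shows that strncpy bounded to the buffer size stays in bounds but leaves the buffer without a terminator, and gives a copy that rejects input that does not fit. The names PASS_SIZE, strcpy_write_size, strncpy_leaves_unterminated and copy_password are hypothetical, and the input string is constructed.

```c
#include <stdio.h>
#include <string.h>

#define PASS_SIZE 15  /* same size as the answer's char pass[15] */

/* Bytes strcpy would write for this input: every character plus the '\0'. */
static size_t strcpy_write_size(const char *input) {
    return strlen(input) + 1;
}

/* Returns 1 if strncpy bounded to the buffer size leaves no terminator.
   strncpy stays in bounds, but adds no '\0' when the input fills the buffer. */
static int strncpy_leaves_unterminated(const char *input) {
    char dst[PASS_SIZE];
    strncpy(dst, input, sizeof dst);
    return memchr(dst, '\0', sizeof dst) == NULL;
}

/* Hardened copy: reject input that does not fit instead of truncating.
   Returns 0 on success, -1 if the input needs more than dst_size bytes. */
static int copy_password(char *dst, size_t dst_size, const char *input) {
    size_t len = strlen(input);
    if (len >= dst_size)
        return -1;
    memcpy(dst, input, len + 1);  /* len + 1 includes the terminator */
    return 0;
}

int main(void) {
    const char *input = "111111111111111";  /* constructed: 15 characters */
    char pass[PASS_SIZE];

    printf("strcpy would write %zu bytes into a %d-byte buffer\n",
           strcpy_write_size(input), PASS_SIZE);
    printf("strncpy result unterminated: %d\n",
           strncpy_leaves_unterminated(input));
    if (copy_password(pass, sizeof pass, input) != 0)
        puts("rejected: input does not fit with its terminator");
    return 0;
}
```

Rejecting over-long input before any comparison keeps a later strcmp or printf from reading past an unterminated buffer.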
