Buffer overflow!? Please HELP!

Hi people, my name's Mark, I'm new to this forum. I have been asked to list vulnerabilities in this piece of code, focusing on buffer overflow etc. I am struggling to find what is wrong. If anyone could please help me identify what is wrong!

Here is the code:

#include <stdio.h>
#include <string.h>

const int NUM_USERS = 5; /* length of userDetails list */

/* list of pairs of form {user, pasWd} */
char* userDetails[NUM_USERS][2] = { {"fred", "fred"}, {"bill", "bill"}, {"george", "george"}, {"yoko", "yoko"}, {"liane", "liane"} };

/* function to test input details */
bool isRecognised(char aName[], char aPword[]) {
    int count = 0;
    bool result = false;
    while (count < NUM_USERS && result == false) {
        if (strcmp((char*)userDetails[count][0], aName) == 0 &&
            strcmp((char*)userDetails[count][1], aPword) == 0)
            result = true; // end if
        ++count;
    } // end while
    return result;
} // end isRecognised

int main (void) {
    char uName[10], pWord[10];
    bool recognised;
    int numAttempts = 0;
    puts("please enter username & password ");
    gets(uName);
    gets(pWord);

    recognised = isRecognised(uName, pWord);
    while (numAttempts < 3 && recognised == false) {
        ++numAttempts;
        puts("incorrect details: enter username & password again\n");
        gets(uName);
        gets(pWord);
        recognised = isRecognised(uName, pWord);
    } // endwhile

    if (numAttempts < 3) {
        puts("welcome in...");
    } else {
        puts("sorry can't let you in....");
    } // endif
}
Read this:

http://cplusplus.com/reference/clibrary/cstdio/gets/

Especially this:
gets does not let you specify a limit on how many characters are to be read, so you must be careful with the size of the array pointed by str to avoid buffer overflows.


Please use code tags: [code]Your code[/code]
See: http://www.cplusplus.com/articles/z13hAqkS/
closed account (o3hC5Di1)
@coder777

char uName[10], pWord[10];

If those arrays are only 10 bytes, would there still be a risk of buffer overflow?
I'm asking out of interest, not to undermine your answer.

Edit: Or is it because the arrays are so small that there is a bigger chance of the user inputting a larger number?

All the best,
NwN
Are you restricted to C? This would be so much easier if you weren't.

All the same, if you are including string.h, you should be able to use the declaration string password ="";//correct me if this is restricted to C++
and then using conio.h, you could also declare a character, use
ch=_getch();
while(ch != 13 /*13 is enter*/)
{
    password.push_back(ch);
    printf("*");
    ch=_getch(); // once again, correct me if this is C++ only, I haven't used
                 // C in forever
}
@NwN

The point is that it crashes as soon as you enter more than 9 characters. gets() doesn't check against entering too many.
closed account (o3hC5Di1)
Right - thanks for clearing that up, I think I had a faulty idea of what a buffer overflow is.
I'll read up some more on it.

All the best,
NwN
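
As an added example (not code from any poster in this thread), here is a bounded replacement for the gets() calls discussed above. It uses fgets() with the buffer size, rejects over-long lines, and discards their remainder so leftover characters are not read as the next field. The names read_line and LINE_* are made up for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Status codes for read_line (names are this example's own). */
enum { LINE_OK = 0, LINE_TOO_LONG = 1, LINE_EOF = 2 };

/* Read one line from `in` into buf (capacity cap, including the NUL).
 * Unlike gets(), this never writes past buf: an over-long line is
 * rejected and the rest of it is consumed up to the newline. */
int read_line(FILE *in, char *buf, size_t cap)
{
    if (cap == 0)
        return LINE_EOF;
    if (fgets(buf, (int)cap, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;                 /* no input left, or read error */
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';             /* whole line fitted, drop newline */
        return LINE_OK;
    }
    /* No newline stored: input ended, or the line filled the buffer. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return LINE_OK;                  /* line was exactly cap-1 chars or last line */
    while (c != EOF && c != '\n')        /* drain the rest of the long line */
        c = fgetc(in);
    buf[0] = '\0';                       /* never hand back a truncated value */
    return LINE_TOO_LONG;
}

int main(void)
{
    char uName[10], pWord[10];           /* same sizes as the code in the thread */

    puts("please enter username & password");
    int ru = read_line(stdin, uName, sizeof uName);
    int rp = read_line(stdin, pWord, sizeof pWord);
    if (ru != LINE_OK || rp != LINE_OK) {
        puts("input rejected: each field must be at most 9 characters");
        return 1;
    }
    printf("read username of %zu and password of %zu characters\n",
           strlen(uName), strlen(pWord));
    return 0;
}
```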