What is a buffer overflow and how do I cause one?

Classical example of a buffer-overflow:

    // no one will ever have the time to type more than 64 characters…
    char buf[64];
    gets(buf); // let user put his name

The buffer overflow alone most often does not happen purposely. It happens most often because of a so-called “off-by-one” error, meaning you have miscalculated the array size by one …

Buffer overflow works in gdb but not without it

Exploit development can lead to serious headaches if you don’t adequately account for factors that introduce non-determinism into the debugging process. In particular, the stack addresses in the debugger may not match the addresses during normal execution. This artifact occurs because the operating system loader places both environment variables and program arguments before the beginning …