hacking-workshop/bof2.c at master · FoothillCSClub/hacking-workshop · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
/*
 * bof2.c
 * This program was written to demonstrate the power of overwriting a saved
 * instruction pointer on a stack frame
 *
 * Suggested compiler settings:
 * $ <c compiler> -Wall -static -g -o bof2 bof2.c
 *
 * Author: Grond <grond66@foothillstemclubs.org>
 */

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

// given pointers to two chars, swap them
void swap_chars(char *a, char *b) {
	char tmp;

	tmp = *a;
	*a = *b;
	*b = tmp;
}

// this does more or less what it's name advertises. nothing terribly deep going
// on here
void reverse_string(char *str) {
	size_t len = strlen(str);
	size_t i;

	for (i = 0; i < len/2; i++)
		swap_chars(str + i, str + len - 1 - i);
}

// function that drops a shell appropriate for the OS that we're running on.
// note that this function is not called from anywhere else in the code
void shell(void) {
#if defined(__unix__)
	system("sh");
#elif defined(_WIN32) || defined (WIN32)
	system("cmd");
#endif
}

int sub_main(void) {
	char buffer[100];

	printf("Give me a string, and I'll reverse it!\n : ");

	// read a line of user input. BUFFER OVERFLOW!
	gets(buffer);

	reverse_string(buffer);

	printf("If you were talking backwards, that would be:\n%s\n", buffer);

	// end the program by collapsing the stack frame that main() uses to
	// store it's local variables
	return 0;
}

int main(void) {
	return sub_main();
}