Saturday, December 30, 2006

gets()

Well, we all know that whenever we compile a file containing a reference to the gets() function, the compiler (and the linker, on most systems) warns that using gets() is dangerous. It is dangerous enough that the C standard deprecated it in C99 and removed it altogether in C11.

The reason is very simple... gets() reads the whole input line into the caller's buffer without ever learning, or checking, the size of that buffer. Take this code for example (the original snippet, with the include and the missing define added so it compiles):

#include <stdio.h>

#define FIXEDLENGTH 16   /* the buffer size; any fixed value has the same problem */

void enterstring()
{
    char string[FIXEDLENGTH];
    gets(string);        /* no bound: reads until newline or EOF, whatever the length */
}
When the function is called, the space for the local variable string is allocated on the program stack, right below the data the function needs to return: typically the saved frame pointer and the return address into the caller. gets() copies every character up to the newline and then appends a terminating NUL, so if the line is longer than FIXEDLENGTH - 1 characters, the extra bytes run past the end of the array and overwrite whatever lies above it on the stack. But why is that dangerous?

Well, one can very easily modify the flow of control of a program with just such a buffer overflow. Consider what happens when enterstring() is called: the stack contains the return address back into main(). I could craft my input so that the buffer contains malicious machine code and, at the right offset, also overwrites the saved return address with the address in the buffer where my code starts. When enterstring() returns, the CPU jumps to my code instead of main()... and the job is done. And even if you can't put machine code in the buffer (for instance because the stack is not executable), you can still change the return address and send execution to some other existing code, thereby modifying the program's behaviour. Modern mitigations such as stack canaries, non-executable stacks and address randomisation make the simple version of this harder, but the root cause, a copy with no length check, is the same.
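To make the two paragraphs above concrete, here is an added example (not code from the original post). It models the enterstring() frame as a byte array, a FIXEDLENGTH buffer followed by an 8-byte saved return address, and reads the same attacker line into it twice: once with a gets()-style copy that stops only at the newline, and once with an fgets(buffer, FIXEDLENGTH, stdin)-style copy that stores at most FIXEDLENGTH - 1 bytes. The buffer size, the assumption that the return address sits immediately after the buffer (real frames often have a saved frame pointer, padding or a canary in between), the little-endian layout and the address values 0x401136 and 0x4011a0 are all assumptions of this example. The libc routines are mirrored in memory rather than called, because gets() is no longer declared by C11 headers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated enterstring() frame. Layout and addresses are assumptions of this
 * example, not something the post states. */
#define FIXEDLENGTH   16
#define RET_OFFSET    FIXEDLENGTH         /* saved return address right after the buffer */
#define FRAME_SIZE    (FIXEDLENGTH + 8)   /* buffer + 8-byte return address */
#define ORIGINAL_RET  0x401136ULL         /* hypothetical return address into main() */

typedef struct { unsigned char bytes[FRAME_SIZE]; } frame_t;

/* Store/load the saved return address little-endian (x86-64 convention),
 * independent of the host's own byte order. */
static void store_ret(frame_t *f, uint64_t ret) {
    for (int i = 0; i < 8; i++)
        f->bytes[RET_OFFSET + i] = (unsigned char)(ret >> (8 * i));
}

static uint64_t load_ret(const frame_t *f) {
    uint64_t ret = 0;
    for (int i = 0; i < 8; i++)
        ret |= (uint64_t)f->bytes[RET_OFFSET + i] << (8 * i);
    return ret;
}

static void frame_init(frame_t *f) {
    memset(f->bytes, 0, sizeof f->bytes);
    store_ret(f, ORIGINAL_RET);
}

/* gets()-style read into the buffer at the bottom of the frame: copy everything up
 * to the newline, then a NUL. Nothing checks FIXEDLENGTH; the only stop in this model
 * is the end of the simulated stack (in a real process, the top of the stack). */
static size_t read_line_unchecked(frame_t *f, const unsigned char *in, size_t inlen) {
    size_t n = 0;
    while (n < inlen && n < sizeof f->bytes && in[n] != '\n') {
        f->bytes[n] = in[n];
        n++;
    }
    if (n < sizeof f->bytes)
        f->bytes[n] = '\0';
    return n;
}

/* fgets(buffer, FIXEDLENGTH, stdin)-style read: at most FIXEDLENGTH - 1 bytes are
 * stored (the newline included, if it fits), then a NUL. The rest is left unread. */
static size_t read_line_bounded(frame_t *f, const unsigned char *in, size_t inlen) {
    size_t n = 0;
    while (n < inlen && n < (size_t)(FIXEDLENGTH - 1)) {
        f->bytes[n] = in[n];
        n++;
        if (in[n - 1] == '\n')
            break;
    }
    f->bytes[n] = '\0';
    return n;
}

/* Attacker's line: filler up to the saved return address, then the target address
 * little-endian. gets() stops only at '\n', so the address may contain NUL bytes
 * but must not contain 0x0a. Returns the line length. */
static size_t craft_line(uint64_t target, unsigned char *out) {
    memset(out, 'A', RET_OFFSET);
    for (int i = 0; i < 8; i++)
        out[RET_OFFSET + i] = (unsigned char)(target >> (8 * i));
    return FRAME_SIZE;
}

/* Saved return address after the line is read with either reader. */
static uint64_t ret_after_read(const unsigned char *line, size_t len, int bounded) {
    frame_t f;
    frame_init(&f);
    if (bounded)
        read_line_bounded(&f, line, len);
    else
        read_line_unchecked(&f, line, len);
    return load_ret(&f);
}

/* Where enterstring() would "return" after the attacker's crafted line. */
static uint64_t ret_after_attack(uint64_t target, int bounded) {
    unsigned char line[FRAME_SIZE];
    size_t n = craft_line(target, line);
    return ret_after_read(line, n, bounded);
}

int main(void) {
    printf("crafted input, gets-style:  returns to %#llx\n",
           (unsigned long long)ret_after_attack(0x4011a0ULL, 0));
    printf("crafted input, fgets-style: returns to %#llx\n",
           (unsigned long long)ret_after_attack(0x4011a0ULL, 1));
    return 0;
}
```

With the unchecked reader the saved return address becomes whatever the attacker put at byte 16 of the line; with the bounded reader the line is truncated after 15 bytes and the return address is untouched. Truncation is not a complete fix either (the rest of the line stays in the input stream for the next read), but it keeps the write inside the buffer, which is the property gets() cannot give you.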

I have a very interesting link that gives the above task as a lab assignment! It's really cool, have a look. And for those who really want to hack, there's another link.
