A more realistic trial of overflowing a C++ virtual function pointer

Creation time: 2002-04-24
Article properties: reproduced article
Source: Watercloud@nsfocus.com
Submitted by: Inburst (Inburst_AT_263.NET)
Sender: Watercloud (Watercloud), Board: Network Security
Subject: A more realistic experiment with function pointers
Posting site: Security Focus (2002-04-24 19:55:55)

First, write a program bug.cpp. Its getBuff method reads from the file bug.conf into buff with no bounds check at all, and printbuffer is a virtual function.

#include <iostream>
#include <fstream>
using namespace std;

class classbase {
public:
    char buff[128];
    void getBuff() {
        ifstream myin("bug.conf");
        cout << "get buff from file: bug.conf" << endl;
        myin >> buff;   // this kind of usage is quite common!
    };
    virtual void printbuffer(void) { };
};

class classA : public classbase {
public:
    void printbuffer(void) {
        cout << "name: " << buff << endl;
    };
};

int main(void) {
    classA a;
    classbase *pa = &a;
    cout << &a << endl;
    a.getBuff();        // ---- no bounds check here!
    pa->printbuffer();
    return 0;
}

Compile it:

bash-2.05$ gcc bug.cpp -lstdc++ -o bug

Then create a file bug.conf containing a single line, Cloud, and run bug to see:

bash-2.05$ ./bug
0xbfbffb38
get buff from file: bug.conf
name: Cloud
bash-2.05$

See: the data is read in and displayed.
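The weakness in bug.cpp is the unbounded `myin >> buff` into a fixed char array: a token longer than 127 characters runs past buff into whatever the compiler laid out next to it. Below is an added example (my code, not Watercloud's) showing the same class layout with the read bounded. It goes a little beyond the post: one variant truncates with std::setw, which limits operator>> on a char array to width-1 characters; the other reads into a std::string first and rejects anything that would not fit. The class names SafeBase/SafeA, the guard member and the constructed 300-byte input are my own assumptions, standing in for bug.conf.

```cpp
#include <iostream>
#include <fstream>
#include <sstream>
#include <iomanip>
#include <string>
#include <cstring>

// Same shape as the post's classbase: a char array followed by a virtual
// method. 'guard' is an added sentinel member so a test can confirm that
// a bounded read never writes past buff.
class SafeBase {
public:
    char buff[128];
    unsigned int guard = 0xDEADBEEFu;   // constructed sentinel value

    // Bounded extraction: std::setw(sizeof buff) makes operator>> store at
    // most sizeof(buff)-1 characters plus the terminating NUL, then resets
    // the width. Returns the number of characters stored.
    size_t getBuff(std::istream &in) {
        buff[0] = '\0';
        in >> std::setw(sizeof buff) >> buff;
        return std::strlen(buff);
    }
    virtual void printbuffer() {}
    virtual ~SafeBase() {}
};

class SafeA : public SafeBase {
public:
    void printbuffer() override { std::cout << "name: " << buff << std::endl; }
};

// Stricter policy: refuse oversized input instead of silently truncating.
// The token lands in a std::string first, so no fixed-size buffer is
// involved until the length has been checked.
bool getBuffStrict(std::istream &in, char *dst, size_t dstsize) {
    std::string token;
    if (!(in >> token)) return false;
    if (token.size() >= dstsize) return false;   // no room for the NUL
    std::memcpy(dst, token.c_str(), token.size() + 1);
    return true;
}

// Constructed stand-in for a hostile bug.conf: a 300-byte "name".
std::string oversized_conf() { return std::string(300, 'A') + "\n"; }

// Bounded read of the oversized token: stores 127 characters.
size_t demo_bounded() {
    std::istringstream conf(oversized_conf());
    SafeA a;
    return a.getBuff(conf);
}

// The sentinel after buff survives the bounded read.
bool demo_guard_intact() {
    std::istringstream conf(oversized_conf());
    SafeA a;
    a.getBuff(conf);
    return a.guard == 0xDEADBEEFu;
}

// Strict policy rejects the oversized token outright.
bool demo_strict() {
    std::istringstream conf(oversized_conf());
    char buff[128];
    return getBuffStrict(conf, buff, sizeof buff);
}

int main() {
    std::ifstream f("bug.conf");   // same file name as the post
    SafeA a;
    std::cout << "stored " << a.getBuff(f) << " bytes" << std::endl;
    a.printbuffer();
    std::cout << "oversized, bounded: " << demo_bounded() << std::endl;
    std::cout << "oversized, guard intact: " << demo_guard_intact() << std::endl;
    std::cout << "oversized, strict: " << demo_strict() << std::endl;
    return 0;
}
```

Which variant to pick is a policy choice: truncation keeps the program running on long input but may hide a corrupted configuration, while rejection is easier to alert on. Either way the object layout stops mattering, because nothing is ever written outside buff; compiling with -Wall and a bounds-checking sanitizer will also flag the original `>> buff` pattern when it fires on long input.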