   해킹잘하고싶다
   Stack Overflow site translation

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=8612


https://stackoverflow.com/questions/29910520/why-is-this-code-vulnerable-to-buffer-overflow-attacks

My English is limited, so there may be some mistranslations in this translation...


int func(char* str)
{
   char buffer[100];
   unsigned short len = strlen(str);

   if(len >= 100)
   {
        return (-1);
   }

   strncpy(buffer,str,strlen(str));
   return 0;
}





Why is this code vulnerable to buffer overflow attacks?

This code is vulnerable to a buffer overflow attack, and I'm trying to figure out why.

I'm thinking it has to do with len being declared a short instead of an int, but I'm not really sure.








Here is how I would answer...



short (or signed short)
Size: 2 bytes (16 bits)
Range: -32,768 ~ 32,767
(-2^15 ~ 2^15 - 1 in two's complement representation)



unsigned short
Size: 2 bytes (16 bits)
Range: 0 ~ 65,535
(0 ~ 2^16 - 1)




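However, int func(char *str) receives its argument through the str pointer,
and if the length of str exceeds 65536, the value that strlen(str) returns no longer fits in the unsigned short len and wraps around modulo 65,536.
The len >= 100 check can then see a small value and pass, while strncpy still copies the full strlen(str) bytes into the 100-byte buffer.
That is what makes this a vulnerability that can cause a buffer overflow.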








So then... if we apply secure coding...

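#include <string.h>

int func(char* str)
{
    char buffer[100];
    size_t len = strlen(str); // size_t holds any length strlen() can return

    if(len >= sizeof(buffer)) // reject anything that would not fit with its terminator
    {
        return -1;
    }

    strncpy(buffer, str, len);
    buffer[len] = '\0'; // manually insert the null terminator
    return 0;
}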
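
The truncation described above, as an added example that is not part of the original post: it runs only the two length checks (no copy is performed) over constructed strings around the 65,536 boundary. It assumes a 16-bit unsigned short; the helper names vulnerable_check, fixed_check and make_string are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 100  /* same size as buffer[] in func() */

/* Length check of the original func(), without the copy. Returns the byte
 * count strncpy() would be asked to write, or -1 if the input is rejected. */
long vulnerable_check(const char *str)
{
    unsigned short len = (unsigned short)strlen(str); /* kept mod 65536 */
    if (len >= BUF_SIZE)
        return -1;
    return (long)strlen(str); /* the copy uses the untruncated length */
}

/* Length check of the corrected func(): size_t holds any strlen() result. */
long fixed_check(const char *str)
{
    size_t len = strlen(str);
    if (len >= BUF_SIZE)
        return -1;
    return (long)len;
}

/* Constructed input: a heap string of n 'A' characters (NULL on failure). */
char *make_string(size_t n)
{
    char *s = malloc(n + 1);
    if (s != NULL) {
        memset(s, 'A', n);
        s[n] = '\0';
    }
    return s;
}

int main(void)
{
    const size_t lengths[] = { 99, 100, 65535, 65536, 65586 };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        char *s = make_string(lengths[i]);
        if (s == NULL)
            return 1;
        printf("strlen=%zu  original check -> %ld  size_t check -> %ld\n",
               lengths[i], vulnerable_check(s), fixed_check(s));
        free(s);
    }
    return 0;
}
```

A result other than -1 that exceeds 99 means the check accepted an input larger than the buffer.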

  Hit : 889     Date : 2025/07/09 07:11



    