This is here primarily as a useful place to point to as an example
We're deliberately allowing the character buffer mybuff to overflow. When called from bash, anything after the 5th input character will end up being executed as a BASH command
#include <stdio.h>
#include <unistd.h>
#define BUFLEN 5
void
readMyData()
{
char mybuff[BUFLEN];
while (1) {
int r = read(0, mybuff, BUFLEN);
if (r <= 0) return;
mybuff[r] = 0;
printf("You entered: %s\n", mybuff);
return;
}
}
void
main (){
readMyData();
}
gcc example.c -o overflow
./overflow
1234 whoami