Simple Buffer Overflow Example (C)

Ben Tasker

2017-05-16 13:11

Category: C

This is here primarily as a useful place to point to as an example

We're deliberately allowing the character buffer mybuff to overflow. When called from bash, anything after the 5th input character will end up being executed as a BASH command

Details

Language: C

Snippet

#include <stdio.h>
#include <unistd.h>

#define BUFLEN 5

void
readMyData()
{
  char mybuff[BUFLEN];
  while (1) {
    int r = read(0, mybuff, BUFLEN);
    if (r <= 0) return;
    mybuff[r] = 0;
    printf("You entered: %s\n", mybuff);
    return;
  }
}

void
main (){

    readMyData();

}

Usage Example

gcc example.c -o overflow
./overflow

1234 whoami