[CS-161]C语言内存漏洞以及利用方式
C语言有很多常见的漏洞
Buffer Overflow
这是 stack smashing(栈破坏)的一种,示例如下:
#include <stdint.h>
#include <stdio.h>
#include <string.h>
// Reads a length-prefixed message from the file at `path` and prints it with puts().
// Layout as consumed here: one length byte, then that many message bytes.
// This is a deliberately vulnerable teaching example: the length byte is kept in a
// signed 8-bit variable, so the bounds check cannot stop an oversized read into msg.
// A corrected version would hold the length in an unsigned type and reject any
// value >= sizeof msg before the second fread().
void display(const char *path)
{
char msg[128];
// Signed 8-bit length: a file byte in 0x80..0xFF is stored here as -128..-1.
int8_t size;
memset(msg, 0, 128);
FILE *file = fopen(path, "r");
if (!file) {
perror("fopen");
return;
}
// The length byte comes straight from the file, so it is untrusted input.
// The trailing arrow on the next line is the author's highlight marker, not C syntax.
size_t bytes_read = fread(&size, 1, 1, file); <-----
// An int8_t never exceeds 127, so `size > 128` can never be true: only the
// empty-file case is rejected and every negative size passes through.
// This early return also leaves `file` open; no fclose() appears in the function.
if (bytes_read == 0 || size > 128)
return;
// fread() takes a size_t count. A negative size is converted to a value near
// SIZE_MAX (for example -1 becomes SIZE_MAX, not 255), so fread() copies as many
// bytes as the file still holds, writing past the 128-byte msg on the stack.
bytes_read = fread(msg, 1, size, file);
puts(msg);
}
int main(int argc, char *argv[])
{
if (argc != 2)
return 1