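Buffer Overflow: A Detailed Walkthrough of Exercise 3.38 in Computer Systems: A Programmer's Perspective
I have recently been working through Computer Systems: A Programmer's Perspective (CS:APP), and its lab exercises are a lot of fun. Exercise 3.38 illustrates the basic principle of buffer overflow. It took me considerable effort to solve this problem, and a detailed explanation follows.
I. Problem:
Download the file bufbomb.c from the CS:APP website at http://csapp.cs.cmu.edu/public/1e/public/ics/code/asm/bufbomb.c
Its contents are as follows: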
/* Bomb program that is solved using a buffer overflow attack */

#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>

/* Like gets, except that characters are typed as pairs of hex digits.
   Nondigit characters are ignored.  Stops when encounters newline */
char *getxs(char *dest)
{
    int c;
    int even = 1;   /* Have read even number of digits */
    int otherd = 0; /* Other hex digit of pair */
    char *sp = dest;
    while ((c = getchar()) != EOF && c != '\n') {
        if (isxdigit(c)) {
            int val;
            if ('0' <= c && c <= '9')
                val = c - '0';
            else if ('A' <= c && c <= 'F')
                val = c - 'A' + 10;
            else
                val = c - 'a' + 10;
            if (even) {
                otherd = val;
                even = 0;
            } else {
                /* The listing on this page breaks off at "*sp +"; the rest of
                   getxs below is filled in from the behaviour described in the
                   comment above the function. No bound on dest is checked. */
                *sp++ = otherd * 16 + val;
                even = 1;
            }
        }
    }
    *sp++ = '\0';
    return dest;
}
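Like gets, getxs above stores every decoded byte without knowing how large dest is, which is what makes the overflow in this exercise possible. The following is an added example, not code from bufbomb.c or from the original post: a bounded counterpart that rejects input that would not fit. The name getxs_bounded, the string source parameter (used instead of stdin so it runs offline) and the 12-byte demo buffer are assumptions.

```c
#include <ctype.h>
#include <stdio.h>

/* Hypothetical bounded counterpart of getxs (not part of bufbomb.c).
   Decodes hex-digit pairs from src into dest, writing at most cap bytes
   including the terminating '\0'. Returns the number of data bytes stored,
   or -1 if the input holds more bytes than dest can take. */
int getxs_bounded(const char *src, char *dest, size_t cap)
{
    size_t n = 0;
    int even = 1;   /* have read an even number of digits */
    int otherd = 0; /* first hex digit of the current pair */

    if (cap == 0)
        return -1;
    for (; *src != '\0' && *src != '\n'; src++) {
        unsigned char c = (unsigned char)*src;
        if (!isxdigit(c))
            continue;           /* non-digits are ignored, as in getxs */
        int val = isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
        if (even) {
            otherd = val;
            even = 0;
        } else {
            if (n + 1 >= cap) { /* keep one byte for the terminator */
                dest[n] = '\0';
                return -1;      /* reject instead of writing past dest */
            }
            dest[n++] = (char)(otherd * 16 + val);
            even = 1;
        }
    }
    dest[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[12]; /* constructed buffer size for the demo */
    /* Constructed sample inputs: 4 bytes fit, 12 bytes do not. */
    const char *ok = "41 42 43 44\n";
    const char *too_long = "00 01 02 03 04 05 06 07 08 09 0a 0b\n";
    printf("ok       -> %d\n", getxs_bounded(ok, buf, sizeof buf));
    printf("too long -> %d\n", getxs_bounded(too_long, buf, sizeof buf));
    return 0;
}
```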