Instead, you must ensure that actions are taken to cause foo() to
return; only then will the overflow be triggered.
    // This function does no bounds checking and may overflow
    // any provided buffer
    void bar(char *buffer_pointer) {
        // do something stupid
        ...
    }

    // This function declares the stack-allocated buffer that will
    // be overflowed. It is not until this function returns that
    // the overflow is triggered.
    void foo() {
        char buff[256];
        while (1) {
            bar(buff);
            // now take some action based on the content of buff;
            // under the right circumstances break out of this
            // infinite loop
        }
    }
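The defensive counterpart to the pattern above, as an added example that is not from the book: bar() is rewritten to receive the buffer's capacity and refuse anything that does not fit, so the loop in foo() can run and eventually break out without a corrupted return address waiting for it. The names bar_safe, foo_safe and run_demo, and the sample input lines, are this example's own constructions.

```c
#include <string.h>

#define BUFF_SIZE 256

/* Hardened bar(): the callee is told the buffer's capacity and rejects any
 * input that does not fit with its terminating NUL. Returns 0 on success,
 * -1 on rejection; never writes past buffer_pointer[cap - 1]. */
int bar_safe(char *buffer_pointer, size_t cap, const char *input) {
    size_t len = strlen(input);
    if (cap == 0 || len >= cap) {
        if (cap) buffer_pointer[0] = '\0';
        return -1;
    }
    memcpy(buffer_pointer, input, len + 1);
    return 0;
}

/* Mirrors foo(): declare the stack buffer, loop, hand it to bar, act on the
 * contents, and break out only on a specific command. Returns the number
 * of accepted lines; *rejected counts oversized lines bar_safe refused. */
int foo_safe(const char *const *lines, size_t nlines, int *rejected) {
    char buff[BUFF_SIZE];
    int accepted = 0;
    *rejected = 0;
    for (size_t i = 0; i < nlines; i++) {
        if (bar_safe(buff, sizeof buff, lines[i]) != 0) {
            (*rejected)++;          /* oversized: dropped, not copied */
            continue;
        }
        accepted++;
        if (strcmp(buff, "quit") == 0)
            break;                  /* the only way out of the loop */
    }
    return accepted;
}

/* Constructed sample input (not from the page): one short line, one line
 * longer than buff, the quit command, and a line that is never reached.
 * Returns the accepted count, or the rejected count if want_rejected. */
int run_demo(int want_rejected) {
    char big[BUFF_SIZE + 40];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    const char *lines[] = { "hello", big, "quit", "never reached" };
    int rejected = 0;
    int accepted = foo_safe(lines, 4, &rejected);
    return want_rejected ? rejected : accepted;
}
```

With the unbounded bar() from the text, the oversized line would silently overwrite foo()'s frame inside the loop and the damage would surface only at foo()'s return; here it is rejected at the call site and the loop still terminates normally on "quit".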
Repeatability
Everyone wants to develop exploits that will work the first time, every time. It is a little
more difficult to convince a pen-test customer that their software is vulnerable when
your demonstrations fail right in front of them. The important thing to keep in mind is
that it only takes one successful access to completely own a system. The fact that it may
have been preceded by many failed attempts is irrelevant. Attackers would prefer not to
swing and miss, so to speak. The problem from the attacker's point of view is that each
failed attempt raises the noise profile of the attack, increasing the chances that the attack
will be observed or logged in some fashion.