lindebear - 4 years ago - 115
C Question

Buffer Overflow does not work on Mac OSX El Capitan

I've bought Jon Erickson's book "Hacking - The Art of Exploitation" and in it he describes a simple example of a buffer overflow like so:

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int check_authentication(char *password) {
        int auth_flag = 0;
        char password_buffer[16];

        strcpy(password_buffer, password);   /* no length check: this is the overflow */

        if(strcmp(password_buffer, "password") == 0)
            auth_flag = 1;

        return auth_flag;
    }

    int main(int argc, char* argv[]) {
        if(argc < 2) {
            printf("Usage: %s <password>\n", argv[0]);
            exit(1);   /* without this, argv[1] is NULL and strcpy() crashes */
        }

        if(check_authentication(argv[1])) {
            printf("Access Granted.\n");
        } else {
            printf("Access Denied.\n");
        }
        return 0;
    }


After compiling, at first I tested with ./a.out password, which obviously works, then with ./a.out testtest, which also works as expected. However, if I want to invoke a buffer overflow by entering ./a.out AAAAAAAAAAAAAAAAA (which is exactly 17 'A's, thus one too many for the password_buffer) to get the program to misbehave and print Access Granted., the program just quits and OS X El Capitan tells me I've got a segmentation fault. (Btw. I've also tried with more 'A's, but obviously still got the same error.)

Why is this? Is Apple's Memory Management too evolved to be tricked by simple things like this? Help would be greatly appreciated! If you know other good sites that explain how hacking can be learned, feel free to reference them!

Answer Source

I just found the solution! (yay \o/)

At first I tried compiling it via:
gcc -fno-stack-protector auth_overflow.c

However, that didn't help much. I also had to set -D_FORTIFY_SOURCE to zero, like so: gcc -fno-stack-protector -D_FORTIFY_SOURCE=0 auth_overflow.c.

This way it finally worked and I got:

./a.out AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Access Granted.
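A worked version of the overflow the answer describes, added here as an editor's example; it is not code from the question, the answer or Erickson's book. For real locals the compiler decides where auth_flag lives relative to password_buffer, so an overflow of exactly one byte may or may not reach it. The struct below (a name chosen for this example) pins the layout the book's exploit relies on, 16 bytes of buffer directly followed by the flag, and the copy is a plain loop over volatile memory so that the result does not depend on the -fno-stack-protector and -D_FORTIFY_SOURCE=0 flags from the answer. The hardened variant beside it shows the check that the original function lacks. All inputs are constructed in the block itself.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (editor's code, not from the question, the answer or the
 * book). A struct pins the layout the book's exploit relies on: 16 bytes of
 * buffer immediately followed by the 4-byte flag. */
struct frame {
    char password_buffer[16];
    int  auth_flag;
};
_Static_assert(offsetof(struct frame, auth_flag) == 16,
               "auth_flag must sit directly after password_buffer");

/* Same behaviour as strcpy(): copies up to and including the NUL with no
 * length check. A plain loop over volatile memory, so neither _FORTIFY_SOURCE
 * nor the optimiser interferes with the overflow or with the later read of
 * auth_flag. */
static void unchecked_copy(volatile char *dst, const char *src)
{
    size_t i = 0;
    do {
        dst[i] = src[i];
    } while (src[i++] != '\0');
}

/* Vulnerable: the book's check_authentication() with the pinned layout.
 * Returns the flag's final value so a caller sees what the overflow wrote.
 * Inputs longer than 19 bytes would run past the struct into the rest of the
 * stack frame (as the real program's longer inputs do), so keep inputs <= 19. */
int check_authentication_vuln(const char *password)
{
    volatile struct frame f;
    f.auth_flag = 0;
    unchecked_copy(f.password_buffer, password);
    if (strcmp((const char *)f.password_buffer, "password") == 0)
        f.auth_flag = 1;
    return f.auth_flag;   /* any non-zero value means "Access Granted." */
}

/* Hardened: refuse anything that does not fit together with its terminator,
 * then copy with an explicit bound. Only the comparison can set the flag. */
int check_authentication_fixed(const char *password)
{
    struct frame f = { {0}, 0 };
    size_t len = strlen(password);
    if (len >= sizeof f.password_buffer)
        return 0;                          /* too long: deny, do not copy */
    memcpy(f.password_buffer, password, len + 1);
    if (strcmp(f.password_buffer, "password") == 0)
        f.auth_flag = 1;
    return f.auth_flag;
}

/* Constructed test input of n 'A's (n < 32), so nobody counts by hand. */
char *make_as(char buf[32], size_t n)
{
    memset(buf, 'A', n);
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    char buf[32];
    const size_t lengths[] = { 8, 15, 16, 17, 19 };
    printf("%-20s %-12s %s\n", "input", "vulnerable", "fixed");
    printf("%-20s 0x%-10x %d\n", "password",
           (unsigned)check_authentication_vuln("password"),
           check_authentication_fixed("password"));
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        make_as(buf, lengths[i]);
        printf("%-20s 0x%-10x %d\n", buf,
               (unsigned)check_authentication_vuln(buf),
               check_authentication_fixed(buf));
    }
    return 0;
}
```

Reading the table: 15 'A's fit and leave auth_flag at 0; 16 'A's already overflow by one byte, but that byte is the terminating NUL, so the flag still reads 0; 17 'A's are the first input that lands a non-zero byte ('A', 0x41) in the flag, and 19 fill it completely with 0x414141 on a little-endian machine. The hardened function returns 0 for every overlong input and 1 only for the real password. On a real stack the compiler may place auth_flag elsewhere or pad between the two locals, which is why the exact number of bytes needed can differ from the book.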