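I am analyzing a particular case of UB in order to understand security vulnerabilities exploited through buffer overflow attacks.
Buffer overflow attack experiment, unexpected result
I don't quite understand the result of an experiment in which I deliberately provoked UB. I believed that a buffer overflow (located between another buffer and my detector variable) would overwrite the other buffer and the detector.
In short: what could be the reason for the variable 'value' having the value 49 after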
strcpy(buffer_two, argv[1]);
in this code:
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[]){
    int value = 5;
    char buffer_one[8];
    char buffer_two[8];

    strcpy(buffer_one, "one");
    strcpy(buffer_two, "two");

    /* State before the copy. */
    printf("[BEFORE] buffer_two is at %p and contains '%s'\n", (void *)buffer_two, buffer_two);
    printf("[BEFORE] buffer_one is at %p and contains '%s'\n", (void *)buffer_one, buffer_one);
    printf("[BEFORE] value is at %p and is %d (0x%08x)\n", (void *)&value, value, value);

    /* strlen() returns size_t, so print it with %zu. */
    printf("\n[STRCPY] copying %zu bytes into buffer_two\n\n", strlen(argv[1]));
    strcpy(buffer_two, argv[1]); /* Copy first argument into buffer_two (deliberately unchecked). */

    /* State after the copy. */
    printf("[AFTER] buffer_two is at %p and contains '%s'\n", (void *)buffer_two, buffer_two);
    printf("[AFTER] buffer_one is at %p and contains '%s'\n", (void *)buffer_one, buffer_one);
    printf("[AFTER] value is at %p and is %d (0x%08x)\n", (void *)&value, value, value);
    return 0;
}
Result:
./overflow_example AAAAAAAAAAAAAAAA1
[BEFORE] buffer_two is at 0xbff2db0c and contains 'two'
[BEFORE] buffer_one is at 0xbff2db14 and contains 'one'
[BEFORE] value is at 0xbff2db1c and is 5 (0x00000005)
[STRCPY] copying 17 bytes into buffer_two
[AFTER] buffer_two is at 0xbff2db0c and contains 'AAAAAAAAAAAAAAAA1'
[AFTER] buffer_one is at 0xbff2db14 and contains 'AAAAAAAA1'
[AFTER] value is at 0xbff2db1c and is 49 (0x00000031)
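Memory goes up the stack. This means we overwrite the value of buffer_one. But I don't know why the value of 'value' is affected.
Why do you think 'value' strictly must not be affected? Does the standard require a particular memory layout for automatic variables? – zerkms
You have a buffer overflow, which causes undefined behavior. Anything can happen. This question is not interesting because the code has UB. –
I'm voting to close this question as off-topic because it is about uninteresting undefined behavior. –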
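
Added example, not part of the original question or its comments: a well-defined model of the layout the printed addresses show (buffer_two at offset 0, buffer_one at +8, value at +16), tracing where each byte of the 17-character argument and its terminating NUL lands, next to a length-checked copy. The frame array, the offsets, the helper names and the little-endian encoding of value are assumptions made for this illustration; a real compiler is free to lay the variables out differently.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, read off the addresses printed in the question. */
enum { OFF_TWO = 0, OFF_ONE = 8, OFF_VALUE = 16, BUF_SIZE = 8, FRAME_SIZE = 24 };

/* Modelled frame: "two", "one", value = 5 stored little-endian. */
static void frame_init(unsigned char *frame) {
    memset(frame, 0, FRAME_SIZE);
    memcpy(frame + OFF_TWO, "two", 4);
    memcpy(frame + OFF_ONE, "one", 4);
    frame[OFF_VALUE] = 5;
}

/* Decode the four bytes at OFF_VALUE as a little-endian 32-bit integer. */
static int32_t frame_value(const unsigned char *frame) {
    const unsigned char *p = frame + OFF_VALUE;
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Models strcpy(buffer_two, src): strlen(src)+1 bytes are written and BUF_SIZE
 * is ignored. Capped at the frame so the model itself stays well-defined. */
static int32_t unchecked_copy(unsigned char *frame, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > FRAME_SIZE - OFF_TWO) n = FRAME_SIZE - OFF_TWO;
    memcpy(frame + OFF_TWO, src, n);
    return frame_value(frame);
}

/* Hardened copy: reject input that does not fit buffer_two including its NUL. */
static int checked_copy(unsigned char *frame, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > BUF_SIZE) return -1;
    memcpy(frame + OFF_TWO, src, n);
    return 0;
}

int main(void) {
    unsigned char frame[FRAME_SIZE];
    const char *arg = "AAAAAAAAAAAAAAAA1"; /* the argument from the question */
    frame_init(frame);
    printf("unchecked: value = %d\n", (int)unchecked_copy(frame, arg));
    printf("unchecked: buffer_one = '%s'\n", (const char *)frame + OFF_ONE);
    frame_init(frame);
    int rc = checked_copy(frame, arg);
    printf("checked: rc = %d, value = %d\n", rc, (int)frame_value(frame));
    return 0;
}
```

Bytes 0-7 of the argument fill buffer_two, bytes 8-15 fill buffer_one, byte 16 ('1', 0x31) replaces the low byte of value and the terminating NUL replaces the next byte, which gives 0x00000031 = 49.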