/*攻击效果:如果输入的密码超过7个字符,将更改authenticated值*/
/*所以,当你输入'12345*** '时均会显示密码输入正确*/
/*原因:address of authenticated:000000000061F9DC
address of buffer:000000000061F9D4
strcpy复制时,直接将输入完整地给buffer,导致溢出地值变为authenticated值
*/
#include <stdio.h>
#include<cstring>
#define PASSWORD "1234567"
/* Demonstration target: returns strcmp(password, PASSWORD), i.e. 0 when the
 * password matches (main treats 0 as "verified", anything else as a reject).
 * The local buffer[8] together with the unbounded strcpy below is the
 * deliberate weakness: a password of 8 or more characters plus its NUL
 * terminator does not fit in buffer. Per the addresses in the header comment,
 * authenticated sits 8 bytes above buffer, so the 9th byte written (the NUL)
 * lands on the low byte of authenticated. Writing past a local array is
 * undefined behaviour; the exact effect depends on the compiler's stack
 * layout and optimisation level, so the demo is not guaranteed to reproduce.
 * Defensive fix (not applied, so the demo stays intact): drop the copy, or
 * bound it, e.g. snprintf(buffer, sizeof buffer, "%s", password); building
 * with a stack protector (-fstack-protector) would abort on this overwrite.
 * Parameter password: NUL-terminated string read from stdin by main; it is
 * never modified, so it could be const char *. Returns the strcmp result. */
int verify_password (char *password)
{
int authenticated;   /* strcmp result; 0 means the password matched */
char buffer[8]; /* 8 bytes: room for at most 7 characters plus the NUL terminator */
authenticated=strcmp(password,PASSWORD);
/* Unbounded copy: no length check, so a long password overruns buffer and
 * (on the layout documented above) clobbers authenticated. */
strcpy(buffer,password);
/* These prints exist only to expose the stack layout for the demo.
 * %p formally expects a void *; (void *)&authenticated would be the strictly
 * conforming argument. */
printf("address of authenticated:%p\n",&authenticated);
printf("address of buffer:%p\n",buffer);
return authenticated;
}
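/* Entry point for the demo: repeatedly prompts for a password and calls
 * verify_password until it reports a match (return value 0).
 * Returns 0 once a password is accepted, 1 if stdin ends or fails first
 * (the original ignored scanf's result and spun forever on EOF, with
 * password left uninitialised on the first pass).
 * The read is bounded to sizeof password - 1 characters, so this function
 * itself cannot overflow; over-long input still reaches verify_password,
 * so its overflow demonstration is unaffected. */
int main(void)
{
    int valid_flag = 0;
    char password[1024];

    for (;;) {
        printf("please input password: ");
        /* %1023s: width one less than the buffer leaves room for the NUL;
         * a return other than 1 means EOF or a read error, not a password. */
        if (scanf("%1023s", password) != 1) {
            fprintf(stderr, "\nno input available; giving up\n");
            return 1;
        }
        valid_flag = verify_password(password);
        if (valid_flag) {
            /* Same two lines the original emitted via cout (which was never
             * declared: <iostream> is not included), now through stdio. */
            printf("%d\n", valid_flag);
            printf("incorrect password!\n\n");
        } else {
            printf("Congratulation! You have passed the verification!\n");
            break;
        }
    }
    return 0;
}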