Ted Kat. wrote:
--- "Dennis K. Paulsen" <[EMAIL PROTECTED]> wrote:
Hello,
In the C language, the result of a buffer overflow is supposed to be
an undefined behavior. On occasion, the program might crash. Other
times, it might simply not produce the results you expected it to.
And a lot of times, in simple programs, nothing will happen (at least
noticable)....
One of the reasons for the undefined behavior might be the memory
"map" of a typical program. As far as a compiled C program, there
are generally four distinct regions of memory that get utilized. The
first region holds the executable code (code segment). The second
one is where global variables are stored. The other two are the
stack and the heap.....
Per the latest example below, there are three global variables... The memory is likely being contiguouslly allocated between the three,
so when you overflow one buffer its just spilling over to the memory
allocated for the other two variables....
Actually, that may explain the output being seen. If you were to
move the "printf("string::%s::\n", s);" underneath the first strncpy,
you'd likely see the first 12 or so characters from Some_String[]
inside of s[]; which makes more sense, but in its current
incarnation, the second strncpy looks like its filling up string[]
and then naturally overflowing into s[]. That's why s[] no longer
contains the first several characters of Some_String.... In this
case, since the memory is "there" and not being critically used for
something, no segfault occurs.
I hope that makes sense....
Regards,
Dennis K. Paulsen
Makes complete sence. By going thru those example programs with gdb I was able to see exactly what was going on with the global variables. Like checking out the stack and the data segment. So I know whats going on with the buffer overflow.
I guess I have two questions still. Why was the extra space alocated could this space be linux standard or gnu standard? And what in syslog() created the segfault in `95. Does anyone remember? Back in `95 I was just an AOL script kiddy :)
===== Ted Katseres ---------------- ------------------------ --------------------------------
__________________________________ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools
