Intro to Info Security - Stackoverflow

Aug 21, 2019 07:40 · 250 words · 2 minute read

In between finishing up Project 1 for the Computer Networks course, I started watching the lectures for Introduction to Information Security, entirely finishing the first lesson — which introduces terms like threat agent, vulnerability and exploit — and starting on the second set of lectures: software security. In the first few videos, the professors introduce the concept of stack overflows. Now, I'm familiar with the concept since it was covered in CS:APP3e (i.e. Computer Systems: A Programmer's Perspective), but I need to shake off the rust.

In particular, I'm currently confused by the lecture's example of using a stack overflow to bypass a simple password authentication program. Since the stack grows downwards (i.e. from high memory addresses to low memory addresses), wouldn't passing in a longer string to overwrite data on the stack actually overwrite the variable(s) at lower memory addresses, not higher?

Actually, now that I'm working out the example with paper and pen, I think I better understand what's going on.

#include <stdio.h>
#include <string.h>

int main(void) {
    int allow_login = 0;                 /* in the lecture's layout this sits above pwdstr */
    char pwdstr[12];
    char targetpwd[12] = "MyPwd123";

    /* gets() has no length bound: this is the overflow. C11 removed gets(),
       so build with -std=c99 and expect the linker's "dangerous" warning. */
    gets(pwdstr);
    if (strncmp(pwdstr, targetpwd, 12) == 0) {
        allow_login = 1;
    }

    if (allow_login == 0) {
        printf("rejected");
    } else {
        printf("allowed");
    }
    return 0;
}

A long pwdstr value overflows the 12-byte buffer and overwrites allow_login. The stack grows toward lower addresses as frames are pushed, but the bytes of a string are stored from the buffer's start address upward, so the overflow runs from pwdstr at the bottom of the diagram up into allow_login at the top (below is byte-addressable memory, highest address first):

0xFF |  allow_login
0xFE |
0xFD |
0xFC |
0xFB |  pwdstr[11]  (last in-bounds byte)
0xFA |
0xF9 |
0xF8 |
0xF7 |
0xF6 |
0xF5 |
0xF4 |
0xF3 |
0xF2 |
0xF1 |
0xF0 |  pwdstr[0]   (gets() starts writing here and moves up)
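To see the write direction concretely, here is an added example (my own code, not the lecture's or the original post's). It pins the lecture's layout with a struct so the compiler cannot reorder the two locals, replays the overflow with a constructed 16-byte input in place of gets(), and puts a bounded version of the check beside it. The struct, the function names and the three sample inputs are assumptions made for this demo.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * The lecture's frame layout, pinned with a struct so the compiler cannot
 * reorder the locals (a real compiler is free to): pwdstr is the 12 lowest
 * bytes and allow_login sits directly above it, as in the 0xF0..0xFF diagram.
 * The struct and every function name below are this example's own choices.
 */
struct login_frame {
    char pwdstr[12];   /* bytes 0..11  (0xF0..0xFB in the diagram)        */
    int  allow_login;  /* bytes 12..15 (the higher addresses, up to 0xFF) */
};

static const char targetpwd[12] = "MyPwd123";

/*
 * Stand-in for gets(pwdstr): copies input_len bytes starting at pwdstr[0]
 * and moving to higher addresses, with no regard for the 12-byte bound.
 * The copy is capped at the modelled frame so the demo stays defined
 * behaviour; real gets() has no cap and keeps going up the stack.
 */
static void unbounded_read(struct login_frame *f, const char *input, size_t input_len) {
    unsigned char *dst = (unsigned char *)f;   /* same address as &f->pwdstr[0], the lowest byte */
    if (input_len > sizeof *f)
        input_len = sizeof *f;
    for (size_t i = 0; i < input_len; i++)
        dst[i] = (unsigned char)input[i];      /* i == 12 is allow_login's first byte */
}

/* The vulnerable check. Returns 1 for "allowed", 0 for "rejected". */
int vulnerable_login(const char *input, size_t input_len) {
    struct login_frame f;
    memset(&f, 0, sizeof f);                   /* allow_login = 0; pwdstr zeroed only for determinism */

    unbounded_read(&f, input, input_len);      /* the overflow happens here */

    if (strncmp(f.pwdstr, targetpwd, sizeof f.pwdstr) == 0)
        f.allow_login = 1;

    return f.allow_login != 0;                 /* any non-zero garbage counts as "allowed" */
}

/* Whatever the overflow left in allow_login, for inspection. */
int flag_after_input(const char *input, size_t input_len) {
    struct login_frame f;
    memset(&f, 0, sizeof f);
    unbounded_read(&f, input, input_len);
    return f.allow_login;
}

/*
 * Hardened version: the read is bounded by the buffer, an input that does not
 * fit is rejected outright rather than silently truncated (a truncated input
 * could still compare equal to the target), and the comparison is bounded too.
 * On real stdin, fgets(pwdstr, sizeof pwdstr, stdin) gives the same bound.
 */
int safe_login(const char *input) {
    char pwdstr[12];
    int allow_login = 0;

    if (strlen(input) >= sizeof pwdstr)        /* would not fit together with its NUL */
        return 0;
    snprintf(pwdstr, sizeof pwdstr, "%s", input);

    if (strncmp(pwdstr, targetpwd, sizeof pwdstr) == 0)
        allow_login = 1;
    return allow_login;
}

int main(void) {
    /* constructed inputs for the demo */
    const char good[]  = "MyPwd123";
    const char wrong[] = "guess";
    const char smash[] = "AAAAAAAAAAAAAAAA";   /* 16 'A's: 12 fill pwdstr, 4 land on allow_login */

    printf("correct password   -> %s\n", vulnerable_login(good, sizeof good) ? "allowed" : "rejected");
    printf("wrong, 5 bytes     -> %s\n", vulnerable_login(wrong, sizeof wrong) ? "allowed" : "rejected");
    printf("wrong, 16 bytes    -> %s (allow_login = 0x%x)\n",
           vulnerable_login(smash, sizeof smash - 1) ? "allowed" : "rejected",
           (unsigned)flag_after_input(smash, sizeof smash - 1));
    printf("hardened, 16 bytes -> %s\n", safe_login(smash) ? "allowed" : "rejected");
    printf("allow_login lives %zu bytes above pwdstr[0]\n", offsetof(struct login_frame, allow_login));
    return 0;
}
```

Build with `cc -std=c99 demo.c` and run it: the 16-byte input is rejected by the comparison yet still reported as "allowed", because allow_login now holds 0x41414141 rather than 0. The struct is what makes this reproducible; on a real frame the compiler may order the locals differently or place a stack canary between them, which is exactly why the lecture's layout is presented as an assumption here.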