Malware Domain List

Malware Related => Malware Analysis => Topic started by: mystery_reverse on May 18, 2010, 02:19:23 pm

Title: Can anybody Identify all the vulnerable areas in this snippet?
Post by: mystery_reverse on May 18, 2010, 02:19:23 pm
#include <stdio.h>
#include <stdlib.h>

void
display ( char *string )
{
        printf(string);
}

int
main ( int argc, char **argv )
{

        int authorized = 0;
        int tries = 0;
        char input[64];

        printf("  Password checker \n");
   
        while ( tries != 3 ) {

                printf("Enter Your Password -> ");

                if ( gets(input) == NULL ) {
                        display("Failed call to gets(), aborting.\n");
                        break;
                }

                if ( strcmp(input, "malware") == 0 ) {
                        display("Correct password detected!\n");
                        authorized = 1;
                        break;
                } else {
                        display(input);
                        display(" : Incorrect password, please retry.\n");
                        tries++;
                }

        }

        if ( authorized )
                display("You have been given access to our system!\n");
        else
                display("You have not been given access to our system.\n");

        exit(0);

}
Title: Re: Can anybody Identify all the vulnerable areas in this snippet?
Post by: Garlando on May 18, 2010, 07:08:35 pm
i'm just a newbie in this area but the only vuln i (think) i spotted is a buffer overflow in if ( gets(input) == NULL ) { which causes abnormal exit if input is bigger than 64 bytes
Title: Re: Can anybody Identify all the vulnerable areas in this snippet?
Post by: ratsoul on May 18, 2010, 08:10:42 pm
Hello,

#include <stdio.h>
#include <stdlib.h>

void
display ( char *string )
{
        printf(string);
}


Here we have a format string bug.

int
main ( int argc, char **argv )
{

        int authorized = 0;
        int tries = 0;
        char input[64];

        printf("  Password checker \n");
    
        while ( tries != 3 ) {

                printf("Enter Your Password -> ");

                if ( gets(input) == NULL ) {
                        display("Failed call to gets(), aborting.\n");
                        break;
                }

                if ( strcmp(input, "malware") == 0 ) {
                        display("Correct password detected!\n");
                        authorized = 1;
                        break;
                }


And here buffer overflow.