Author Topic: Can anybody Identify all the vulnerable areas in this snippet?  (Read 2908 times)

0 Members and 1 Guest are viewing this topic.

May 18, 2010, 02:19:23 pm
Read 2908 times

mystery_reverse

  • Newbie

  • Offline
  • *

  • 2
#include <stdio.h>
#include <stdlib.h>

void
display ( char *string )
{
        printf(string);
}

int
main ( int argc, char **argv )
{

        int authorized = 0;
        int tries = 0;
        char input[64];

        printf("  Password checker \n");
   
        while ( tries != 3 ) {

                printf("Enter Your Password -> ");

                if ( gets(input) == NULL ) {
                        display("Failed call to gets(), aborting.\n");
                        break;
                }

                if ( strcmp(input, "malware") == 0 ) {
                        display("Correct password detected!\n");
                        authorized = 1;
                        break;
                } else {
                        display(input);
                        display(" : Incorrect password, please retry.\n");
                        tries++;
                }

        }

        if ( authorized )
                display("You have been given access to our system!\n");
        else
                display("You have not been given access to our system.\n");

        exit(0);

}

May 18, 2010, 07:08:35 pm
Reply #1

Garlando

  • Full Member

  • Offline
  • ***

  • 40
i'm just a newbie in this area but the only vuln i (think) i spotted is a buffer overflow in if ( gets(input) == NULL ) { which causes abnormal exit if input is bigger than 64 bytes

May 18, 2010, 08:10:42 pm
Reply #2

ratsoul

  • Jr. Member

  • Offline
  • **

  • 23
    • inReverse
Hello,

#include <stdio.h>
#include <stdlib.h>

void
display ( char *string )
{
        printf(string);
}


Here we have a format string bug.

int
main ( int argc, char **argv )
{

        int authorized = 0;
        int tries = 0;
        char input[64];

        printf("  Password checker \n");
    
        while ( tries != 3 ) {

                printf("Enter Your Password -> ");

                if ( gets(input) == NULL ) {
                        display("Failed call to gets(), aborting.\n");
                        break;
                }

                if ( strcmp(input, "malware") == 0 ) {
                        display("Correct password detected!\n");
                        authorized = 1;
                        break;
                }


And here buffer overflow.