Author Topic: Can anybody Identify all the vulnerable areas in this snippet?  (Read 4548 times)

May 18, 2010, 02:19:23 pm

mystery_reverse

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void
display ( char *string )
{
        printf(string);
}

int
main ( int argc, char **argv )
{

        int authorized = 0;
        int tries = 0;
        char input[64];

        printf("  Password checker \n");
   
        while ( tries != 3 ) {

                printf("Enter Your Password -> ");

                if ( gets(input) == NULL ) {
                        display("Failed call to gets(), aborting.\n");
                        break;
                }

                if ( strcmp(input, "malware") == 0 ) {
                        display("Correct password detected!\n");
                        authorized = 1;
                        break;
                } else {
                        display(input);
                        display(" : Incorrect password, please retry.\n");
                        tries++;
                }

        }

        if ( authorized )
                display("You have been given access to our system!\n");
        else
                display("You have not been given access to our system.\n");

        exit(0);

}

May 18, 2010, 07:08:35 pm
Reply #1

Garlando

I'm just a newbie in this area, but the only vuln I (think) I spotted is a buffer overflow in if ( gets(input) == NULL ) {, which causes an abnormal exit if the input is bigger than 64 bytes.

May 18, 2010, 08:10:42 pm
Reply #2

ratsoul

Hello,

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void
display ( char *string )
{
        printf(string);
}


Here we have a format string bug.

int
main ( int argc, char **argv )
{

        int authorized = 0;
        int tries = 0;
        char input[64];

        printf("  Password checker \n");
    
        while ( tries != 3 ) {

                printf("Enter Your Password -> ");

                if ( gets(input) == NULL ) {
                        display("Failed call to gets(), aborting.\n");
                        break;
                }

                if ( strcmp(input, "malware") == 0 ) {
                        display("Correct password detected!\n");
                        authorized = 1;
                        break;
                }


And here a buffer overflow.
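
A hardened version of the snippet, added here as an example and not part of any poster's message: it closes the two issues named in the replies by printing input as data instead of as a format string and by replacing gets() with a bounded read. The helper names read_line and check_password, and passing the streams as parameters, are choices made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Print text as data; user input is never used as a format string. */
static void display(FILE *out, const char *s) { fputs(s, out); }

/* Bounded replacement for gets(): keeps at most size-1 bytes, strips the
 * newline, drops the rest of an over-long line.
 * Returns 0 = whole line, 1 = truncated, -1 = EOF or read error. */
static int read_line(FILE *in, char *buf, size_t size)
{
    int c, truncated = 0;
    size_t len;
    if (fgets(buf, (int)size, in) == NULL)
        return -1;
    len = strcspn(buf, "\n");
    if (buf[len] == '\n') {
        buf[len] = '\0';
        return 0;
    }
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;              /* excess bytes are discarded */
    return truncated;
}

/* Same three-try loop as the thread's snippet; returns 1 when authorized. */
static int check_password(FILE *in, FILE *out)
{
    char input[64];
    int tries, rc;
    for (tries = 0; tries < 3; tries++) {
        display(out, "Enter Your Password -> ");
        if ((rc = read_line(in, input, sizeof input)) < 0)
            break;
        if (rc == 0 && strcmp(input, "malware") == 0)
            return 1;
        display(out, input);
        display(out, " : Incorrect password, please retry.\n");
    }
    return 0;
}

int main(void)
{
    display(stdout, check_password(stdin, stdout)
        ? "You have been given access to our system!\n"
        : "You have not been given access to our system.\n");
    return 0;
}
```

With this version a line containing conversion specifiers is echoed back literally, and a line longer than the buffer is truncated to 63 bytes without touching the variables stored next to it.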