Variable Overflow Example

For this challenge you are to type input to a simple C or C++ program that will cause it to create incorrect results.

The following program reads a number as a string from the keyboard. This number is converted to an integer and then added to variable before printing the sum. The program attempts to insure that the sum of 50 plus the entered value is not greater than 100. Your challenge is to enter the proper characters to generate a sum greater than 100.

/* Example of a buffer overflow exploit that changes the value of a variable. */
#include <iostream>
using namespace std;
int result;
// sum of base and increment
int increment; // integer value of input data

int main(int argc, char** argv) {
int baseValue = 50;
// this value will be changed
char inbuf[4]; // short input buffer

cout << "The base value is "<<baseValue<< endl;
cout << "Enter the increment>";
cin >> inbuf;
// read input
increment = atoi(inbuf); // convert string to int
cout << "The increment is " << increment << endl;
if(increment > 49) {
// avoid values that are too big
cout <<"The increment is too big!" << endl;
}
result = baseValue + increment;
cout<<"The sum of the base and increment is" <<result<<endl;
return 0;
}



The source code for this program can be downloaded and a version in standard C is available.

Download the program and compile it with your favorite C or C++ compiler. Run the program and enter characters to create a sum greater than 100.

Hints:

· You will want to enter characters that have a useful ASCII code value.

· Strings read by cin are separated by space characters. You may need to make the number string long enough to generate an overflow. Consider using leading zeros.

· Intel CPUs are small endian machines. A four byte address is stored in reverse order with the least significant byte first at the lowest address.

· The ESP register, the extended stack pointer, contains the address of the current top of stack. You can use this information in a debugger to find the location of variables on the stack.

· The stack on an Intel processor grows from high addresses to low addresses. When a value is pushed on the stack, it will be at a lower address than previous values on the stack.