Added Project 1 (Exploiting Buffer Overflows in C)

nashi5566 · Jun 17, 2015 · 0e773ae · 0e773ae
1 parent 9ebc843
commit 0e773ae
Show file tree

Hide file tree

Showing 3 changed files with 117 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -30,3 +30,5 @@
 
 # Debug files
 *.dSYM/
+
+.DS_Store
diff --git a/README.md b/README.md
@@ -0,0 +1,6 @@
+Maryland-Software-Security
+==========================
+
+Software Security (University of Maryland, College Park)
+
+https://www.coursera.org/course/softwaresec
diff --git a/src/Project 1/wisdom-alt.c b/src/Project 1/wisdom-alt.c
@@ -0,0 +1,109 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <time.h> 
+
+char greeting[] = "Hello there\n1. Receive wisdom\n2. Add wisdom\nSelection >";
+char prompt[] = "Enter some wisdom\n";
+char pat[] = "Achievement unlocked!\n";
+char secret[] = "secret key";
+
+int infd = 0; /* stdin */
+int outfd = 1; /* stdout */
+
+#define DATA_SIZE 128
+
+typedef struct _WisdomList {
+  struct  _WisdomList *next;
+  char    data[DATA_SIZE];
+} WisdomList; 
+
+struct _WisdomList  *head = NULL;
+
+typedef void (*fptr)(void);
+
+void write_secret(void) {
+  write(outfd, secret, sizeof(secret));
+  return;
+}
+
+void pat_on_back(void) {
+  write(outfd, pat, sizeof(pat));
+  return;
+}
+
+void get_wisdom(void) {
+  char buf[] = "no wisdom\n";
+  if(head == NULL) {
+    write(outfd, buf, sizeof(buf)-sizeof(char));
+  } else {
+    WisdomList  *l = head;
+    while(l != NULL) {
+      write(outfd, l->data, strlen(l->data));
+      write(outfd, "\n", 1);
+      l = l->next;
+    }
+  }
+  return;
+}
+
+void put_wisdom(void) {
+  char  wis[DATA_SIZE] = {0}; 
+  int   r;
+
+  r = write(outfd, prompt, sizeof(prompt)-sizeof(char));
+  if(r < 0) {
+    return;
+  }
+
+  r = (int)gets(wis); 
+  if (r == 0)
+    return;
+
+  WisdomList  *l = malloc(sizeof(WisdomList));
+
+  if(l != NULL) {
+    memset(l, 0, sizeof(WisdomList));
+    strcpy(l->data, wis);
+    if(head == NULL) {
+      head = l;
+    } else {
+      WisdomList  *v = head;
+      while(v->next != NULL) {
+        v = v->next;
+      }
+      v->next = l;
+    }
+  }
+
+  return;
+}
+
+fptr  ptrs[3] = { NULL, get_wisdom, put_wisdom };
+
+int main(int argc, char *argv[]) {
+
+  while(1) {
+      char  buf[1024] = {0};
+      int r;
+      fptr p = pat_on_back;
+      r = write(outfd, greeting, sizeof(greeting)-sizeof(char));
+      if(r < 0) {
+        break;
+      }
+      r = read(infd, buf, sizeof(buf)-sizeof(char));
+      if(r > 0) {
+        buf[r] = '\0';
+        int s = atoi(buf);
+        fptr tmp = ptrs[s];
+        tmp();
+      } else {
+        break;
+      }
+  }
+
+  return 0;
+}