Buffer overflow on stack
I was going through the security issues in C. I could not understand how the code below corrupts the stack:
    #include<stdio.h>
    #include<stdlib.h>
    #include<string.h>

    int chk_perm(){
        printf("\n Check Perm \n");
        return 2;
    }

    int main(int argc,char* argv[]){
        int fg;
        char filename[16];
        if(argc != 2){
            fprintf(stderr,"Usage : %s filename\n",argv[0]);
            exit(1);
        }
        fg = chk_perm();
        strcpy(filename,argv[1]);
        if(fg == 0xdeadbeef){
            //execute as root or deposit million dollars in bank account
        }
        else{
            //execute as a normal user , deduct $10 from an account
        }
        return 0;
    }
The argv[1] passed may change the value of fg. It's said that corruption will happen if the argv[1] passed is an entire binary that can cause undesired results, which can be passed as an argument along with a return address.
I could not understand how the strcpy corrupts the stack check_perm such that the value of fg gets changed.
My assumption about the program:
When the program starts executing, it creates a stack for the main function and puts its arguments, return address and local variables onto the stack. So int fg will occupy 4 bytes (08567500 loc) of the stack and filename[16] will occupy the next 16 bytes (08567504). Even if the filename is overflowing more than 16 bytes, it may corrupt if any local variable was present after it.
So how does fg get corrupted due to strcpy(filename,argv[1])?
Original: https://stackoverflow.com/questions/18724368
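An illustration of the layout the question asks about, added here and not part of the original post: it models the case where the compiler places fg directly above filename, and compares the unchecked copy with a length-checked one. The names struct frame, fg_after_unchecked_copy and copy_checked are hypothetical, and the layout itself is an assumption, since C does not tie stack placement to declaration order.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout (not guaranteed by C): fg sits directly above filename.
   Declaration order in main() does not decide this; the compiler does. */
struct frame {
    char filename[16];
    int  fg;
};

/* Models strcpy(filename, argv[1]) with defined behaviour: the bytes go into
   a scratch region standing in for the stack, then the frame is read back. */
int fg_after_unchecked_copy(const char *arg) {
    struct frame f = { "", 2 };           /* 2 is what chk_perm() returns */
    unsigned char raw[64] = {0};          /* hypothetical stack region */
    size_t n = strlen(arg) + 1;           /* strcpy copies the NUL as well */
    if (n > sizeof raw) n = sizeof raw;   /* keep the model itself in bounds */
    memcpy(raw, &f, sizeof f);
    memcpy(raw, arg, n);                  /* filename starts at offset 0 */
    memcpy(&f, raw, sizeof f);
    return f.fg;
}

/* Hardened copy: refuse input that does not fit instead of truncating. */
int copy_checked(struct frame *f, const char *arg) {
    size_t len = strlen(arg);
    if (len >= sizeof f->filename)
        return -1;
    memcpy(f->filename, arg, len + 1);
    return 0;
}

int main(void) {
    /* Constructed inputs: one that fits, one that is 4 bytes too long. */
    const char *ok = "report.txt";
    const char *too_long = "AAAAAAAAAAAAAAAABBBB";
    struct frame f = { "", 2 };

    printf("unchecked, fits:     fg = %#x\n", (unsigned)fg_after_unchecked_copy(ok));
    printf("unchecked, too long: fg = %#x\n", (unsigned)fg_after_unchecked_copy(too_long));
    printf("checked,   too long: rc = %d, fg = %#x\n",
           copy_checked(&f, too_long), (unsigned)f.fg);
    return 0;
}
```

Builds with stack protection commonly place arrays above scalar locals so that an overflow reaches the canary before fg; the layout modelled here is the one the question's premise requires.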
Best answer
What's wrong with this?
    TextWriter x = File.OpenWrite ("my.csv", ....);
    x.WriteLine("Column1,Column2"); // header
    x.WriteLine(coups.Cells[0].Text + "," + coups.Cells[1].Text);
The column delimiter is a comma. This is sufficient:
    Column1,Column2
    data,data2
    data,data2

They don't have to line up visually like this:

    Column1, Column2
    data, data2
    data, data2

Edit: In the United States, Comma means "," and semicolon means ";". You'll want to pick the delimiter that your software uses.