How to use the GCC compilation option to detect Stack Overflow

Source: Internet
Author: User

There was a time when I tried to reproduce a buffer overflow problem when I learned about these compilation options. I was experimenting on Ubuntu 12.04, and the GCC version was 4.6.3. What I did was simple:

  code is as follows copy code

#include <stdio.h>
#include <string.h>

int main (void)
{
    int len = 0;
 & nbsp;  char str[10] = {0};

    printf ("N Enter the name n");

    gets (str);//Used gets () to cause buffer overflow

    printf ("N len = [%d] n", Len);

    len  = strlen (str);
    printf ("N len of String entered is: [%d]n", Len);

    return 0;
}

In the code above, I intentionally used the gets () function to receive the string, then calculate the length of the string and output it to standard output-The default is the screen. The idea here is to enter a string of more than 10 lengths, and since the gets () function does not detect the array bounds, it will write the characters to an address other than 10 so that a buffer overflow occurs. After I run the program, the results are as follows:

The code is as follows Copy Code

$./stacksmash

Enter the name
Thegeekstuff

Len = [0]

Len of String entered is: [12]
Stack smashing detected * * * *:./stacksmash terminated
======= BackTrace: =========
/lib/i386-linux-gnu/libc.so.6 (__fortify_fail+0x45) [0xb76e4045]
/lib/i386-linux-gnu/libc.so.6 (+0x103ffa) [0xb76e3ffa]
./stacksmash[0x8048548]
/lib/i386-linux-gnu/libc.so.6 (__LIBC_START_MAIN+0XF3) [0XB75F94D3]
./stacksmash[0x8048401]
======= Memory Map: ========
08048000-08049000 R-xp 00000000 08:06 528260/home/himanshu/practice/stacksmash
08049000-0804a000 R--p 00000000 08:06 528260/home/himanshu/practice/stacksmash
0804a000-0804b000 rw-p 00001000 08:06 528260/home/himanshu/practice/stacksmash
0973a000-0975b000 Rw-p 00000000 00:00 0 [Heap]
b75af000-b75cb000 R-xp 00000000 08:06 787381/lib/i386-linux-gnu/libgcc_s.so.1
b75cb000-b75cc000 r--p 0001b000 08:06 787381/lib/i386-linux-gnu/libgcc_s.so.1
b75cc000-b75cd000 rw-p 0001c000 08:06 787381/lib/i386-linux-gnu/libgcc_s.so.1
b75df000-b75e0000 Rw-p 00000000 00:00 0
b75e0000-b7783000 R-xp 00000000 08:06 787152/lib/i386-linux-gnu/libc-2.15.so
b7783000-b7784000---p 001a3000 08:06 787152/lib/i386-linux-gnu/libc-2.15.so
b7784000-b7786000 r--p 001a3000 08:06 787152/lib/i386-linux-gnu/libc-2.15.so
b7786000-b7787000 rw-p 001a5000 08:06 787152/lib/i386-linux-gnu/libc-2.15.so
b7787000-b778a000 Rw-p 00000000 00:00 0
b7799000-b779e000 Rw-p 00000000 00:00 0
b779e000-b779f000 R-xp 00000000 00:00 0 [VDSO]
b779f000-b77bf000 R-xp 00000000 08:06 794147/lib/i386-linux-gnu/ld-2.15.so
b77bf000-b77c0000 r--p 0001f000 08:06 794147/lib/i386-linux-gnu/ld-2.15.so
b77c0000-b77c1000 rw-p 00020000 08:06 794147/lib/i386-linux-gnu/ld-2.15.so
bfaec000-bfb0d000 Rw-p 00000000 00:00 0 [Stack]
Aborted (core dumped)

To my surprise, the operating environment can detect a buffer overflow situation. You can see the "Stack Overflow" (Stack smashing detected) information on the output. This prompted me to explore how the buffer overflow was detected.

When I explored the cause, I found a compilation option for GCC:-fstack-protector, here's a description of this option:

The code is as follows Copy Code

-fstack-protector

When this option is enabled, the compiler generates additional code to detect buffer overflows, such as stack overflow attacks. This is done by adding a protection variable to the defective function. This includes functions that are called to alloca, and functions that have more than 8 byte buffers. When this function is executed, the protection variable is initialized and the protection variable is detected when the function exits. If the detection fails, an error message is exported and the program exits.

! Note: in Ubuntu 6.10 and later versions, if the-fno-fstack-protector,-nostdlib, or-ffreestanding options are not specified at compile time, this option is for c,c++,objc,objc++ The language is enabled by default.

So, you'll find that GCC has detected a buffer overflow problem by inserting additional code. The next thing I think about is that I've never added this compilation option at compile time, how is this feature enabled? Then I read the last two lines, and on the Ubuntu6.10 version, this feature has been enabled by default.

Next, I decided to use the-fno-fstack-protector option to cancel this stack overflow detection feature. I run the same code after compiling it and use the same input as before, and here's what I do and how it works:

The code is as follows Copy Code

$ gcc-wall-fno-stack-protector Stacksmash.c-o Stacksmash
$./stacksmash

Enter the name
Thegeekstuff

Len = [26214]

Len of String entered is: [12]

As you can see, once this compilation option is used (as explained in the previous compilation options, this-fstack-protector will not be turned on by default), with the same input, the running environment simply cannot detect a buffer overflow problem, and Len's value has been corrupted

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.