There is stack corruption. Function system() exited with an error code, probably 139. Your application didn't notice that because it's a different process.
Stack preparation for new process - bash / system() call differences
29-07-2022
Question
I have an application that explains stack buffer overflow. I would like to provoke a return-to-libc attack.
Buffer overflow is based on:
int main(int argc, char **argv)
{
[...]
char buff[16];
strcpy(buff,argv[1]);
[...]
}
When I call this application directly from the shell, I get the expected error - the stack is corrupted:
[syssec@syssecvm bufov1]$ ./vulnapp hhgfhdsgfsagfzutuewzrqwgfshgafsd
Segmentation fault
But when I try to prepare the argument in another app (executor.c) and call vulnapp via a system() call, nothing happens. vulnapp accepts an argument of any length:
./executor
You executed:./vulnapp 01234567890123450123BBBB�%�/bin/ged�������/
[syssec@syssecvm bufov1]$
There is no stack corruption in this case.
Why is it like this?
Is there any way to get the same effect (buffer overflow) in case of a system() call?
Solution
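The answer says the crash happens in the child process and only shows up in the value system() returns. The following is an added example, not code from the original post, showing how a caller such as executor.c could decode that value and see the 139 (128 + SIGSEGV). The source of executor.c is not shown on the page, so the function names crash_signal and run_and_report and the constructed crasher command are assumptions.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

/* Hypothetical helper: decode the value returned by system().
 * Returns the signal that killed the command, 0 if no signal was involved,
 * or -1 if system() itself failed (fork or wait error). */
int crash_signal(int status)
{
    if (status == -1)
        return -1;
    if (WIFSIGNALED(status))              /* the shell itself was killed */
        return WTERMSIG(status);
    /* Shell convention: a child killed by signal N is reported as exit
     * code 128 + N. A program may also choose such a code on its own, so
     * treat this branch as a strong hint rather than proof. */
    if (WIFEXITED(status) && WEXITSTATUS(status) > 128)
        return WEXITSTATUS(status) - 128;
    return 0;
}

/* Hypothetical helper: run a command and report a crash the parent would
 * otherwise never see on its own terminal. */
int run_and_report(const char *cmd)
{
    int status = system(cmd);
    int sig = crash_signal(status);

    if (WIFEXITED(status))
        printf("shell exit code: %d\n", WEXITSTATUS(status));
    if (sig > 0)
        printf("child terminated by signal %d%s\n", sig,
               sig == SIGSEGV ? " (SIGSEGV, segmentation fault)" : "");
    return sig;
}

int main(void)
{
    /* Constructed stand-in for a crashing child: the inner shell sends
     * itself SIGSEGV, the outer shell exits with the inner one's status. */
    run_and_report("sh -c 'kill -s SEGV $$'; exit $?");
    run_and_report("exit 3");             /* ordinary failure, no signal */
    return 0;
}
```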
Licensed under: CC-BY-SA with attribution