updated
authorChristian Urban <christian dot urban at kcl dot ac dot uk>
Thu, 08 Oct 2015 18:46:15 +0100
changeset 403 92c49c160b24
parent 402 fb0c844a26cf
child 404 4e3bc09748f7
updated
handouts/ho03.pdf
handouts/ho03.tex
progs/README
slides/slides03.pdf
Binary file handouts/ho03.pdf has changed
--- a/handouts/ho03.tex	Thu Oct 08 17:06:48 2015 +0100
+++ b/handouts/ho03.tex	Thu Oct 08 18:46:15 2015 +0100
@@ -375,7 +375,10 @@
 
 \begin{figure}[p]
 \lstinputlisting[language=C]{../progs/C2.c}
-\caption{A vulnerable login implementation.\label{C2}}
+\caption{A vulnerable login implementation. The use of the
+`own' \pcode{get\_line} function makes this program
+vulnerable. The developer should have used \emph{safe}
+library functions instead.\label{C2}}
 \end{figure}
 
 This kind of attack was very popular with commercial programs
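Review bot: The new caption blames the hand-written `get_line` function and recommends "safe library functions" without stating the actual defect, so a reader can come away thinking any library call is safe, which is not true of `gets` or `strcpy`. C2.c is not visible in this hunk; assuming `get_line` reads into a fixed-size buffer without a length check, the caption could say so, for example `The hand-written \pcode{get\_line} function copies input without checking the buffer size; a length-bounded read such as \pcode{fgets} avoids this.\label{C2}`. A short optional argument, `\caption[A vulnerable login implementation.]{...}`, would also keep the list-of-figures entry to one line now that the caption runs to several sentences.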
@@ -432,6 +435,7 @@
 
 \lstinputlisting[language=C,numbers=none]{../progs/o2.c}
 
+\noindent
 While not too difficult, obtaining this string is not entirely
 trivial using \pcode{gdb}. Remember the functions in C that
 copy or fill buffers work such that they copy everything until
--- a/progs/README	Thu Oct 08 17:06:48 2015 +0100
+++ b/progs/README	Thu Oct 08 18:46:15 2015 +0100
@@ -64,6 +64,10 @@
   ./C4 "%s"
   ./C4 `./args4`
 
+This vulnerability does not need the defences, but prints out
+the string only correctly with `./args4`. The %s option needs
+
+  -mpreferred-stack-boundary=2
 
 
 ------------------------------------
Binary file slides/slides03.pdf has changed