Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Smashing the stack
From: sommerfeld () apollo hp com (Bill Sommerfeld)
Date: Tue, 21 Jan 1997 10:50:59 -0500


Some architectures grow the stack "upwards" in memory instead of
"downwards"; this means that buffer overrun doesn't overwrite existing
stack frames at all.


This doesn't follow at all.  The buffer which is overrun could have
been allocated within a separate frame from the frame which actually
"commits" the overrun.

e.g.,

        foo()
        {
                char buf[10];
                gets(buf);
        }



The actual overrun occurs in gets(), which writes to memory which is
"below" the stack location of gets's frame, so (in the case of a
hypothetical machine with an upward-growing stack) the flow of control
is derailed on return from gets(), not return from foo()...

                                        - Bill

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]