#1
Programmer
Join Date: Mar 2006
Posts: 40
Rep Power: 0
Application core dump, in strcat? Overflow not suspected!?
The password_variable is of type char* and is being passed in as a parameter to the function. At this point it is only 8 characters.
The hexchar variable is defined as:

```c
BYTE hexchar[3];
```

The line below is generating an application core dump.

```c
strcat (password_variable, (char*)hexchar);
```

I thought it was a buffer overflow, I tried to "empty" the password_variable but it generated a core dump also. Is there something wrong with how I am typecasting or assigning the variable? I attempt "emptying" the variable like so:

```c
strcpy(password_variable,"");
```

Solaris truss generates (for the strcat operation):

```
Incurred Fault #6, FLTBOUNDS %pc = 0XFF2D42D4
siginfo: SIGSEGV SEGV_ACCERR addr=0x000107B8
```

#2
Resident Grouch
Join Date: Jun 2005
Posts: 6,453
Rep Power: 10
So is password_variable pointing to a valid char array? It takes more than a pointer, the pointer has to point to valid memory. Any reason you're not showing your code? You might check the pointer tutorial in my sig. One presumes BYTE is defined as char?
__________________
Abstraction doesn't make it impossible to write bad code; it makes it possible to write superior code. Contributor's Corner: Grumpy on C++ Exceptions DaWei on Pointers

#3
Programmer
Join Date: Mar 2006
Posts: 40
Rep Power: 0
Thanks for your time DaWei.
Yes, the password variable contains the data passed in from another function. I `printf`ed it to the console and all looks well. The code itself involves a cryptography method that I unfortunately cannot release to the public. I'm aware the lack of code may hinder my ability to obtain help. Any suggestions are much appreciated.

I would assume a byte is a character also. I am one of the "lucky" ones who has to maintain old, uncommented code. In the source the original programmer used the BYTE suggestion above. I would think that I could at least strcpy "" into the variable, but that also generates a core dump?

#4
Resident Grouch
Join Date: Jun 2005
Posts: 6,453
Rep Power: 10
The password variable, if it's a char * (as you show), cannot hold data passed in from another function. It can only hold the address of that data. If that memory has not been set aside, you're in puke-in-the-grass-ville. I would suggest that you could pick up these highly secret declarations and disguise them in such a way that your project would be safe, but we could say, "Looky here! Bad Thang!". I would also suggest that since you didn't say, "The memory that blah is pointing to is set aside in bleagh by a statement declaring a char array bleght bytes in length." I think you need to read that pointer tutorial.
__________________
Abstraction doesn't make it impossible to write bad code; it makes it possible to write superior code. Contributor's Corner: Grumpy on C++ Exceptions DaWei on Pointers

#5
Programmer
Join Date: Mar 2006
Posts: 40
Rep Power: 0
This is the relevant code (stripped down version)... it is contained within a shared object file:
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "aes.h"

void encrypt_password (char* password_variable)
{
    int i,
        count;
    BYTE password [20],     /* Local password buffer */
         cipherBuffer [16], /* Buffer for binary ciphertext */
         hexchar [3];       /* Hexadecimal equivalent of binary value */

    count = strlen (password_variable);
    if (count > 16)
        count = 16;

    /*
     * Copy the password buffer
     */
    for (i=0; i<count; i++)
    {
        password[i] = password_variable[i];
    }

    /*
     * Pad the buffer with random data
     */
    for (i=count; i<20; i++)
    {
        password[i] = rand()/1260+65;
    }

    /*
     * Load the encryption key
     */

    /*
     * Convert the encrypted buffer to a hexadecimal string (128 bit buffer)
     */
    /* ERROR HERE */
    strcpy (password_variable, "");
    for (i=0; i<16; i++)
    {
        sprintf ((char*)hexchar, "%02x", cipherBuffer[i]);
        /* ERROR HERE */
        strcat (password_variable, (char*)hexchar);
    }

    /*
     * Pad the rest of the output buffer with the previously stored random data
     */
    for (i=16; i<20; i++)
    {
        sprintf ((char*)hexchar, "%02x", password[i]);
        /* ERROR HERE */
        strcat (password_variable, (char*)hexchar);
    }
    return;
}
```

This is the code that calls that particular function in the library...

```c
#include <stdio.h>

int main (void)
{
    printf("Testing library...\n");
    char* pw = "me%MU^05";
    encrypt_password2(pw);
    printf("Encrypted Password: %s\n",pw);
    return 0;
}
```

#6
Professional Programmer
Join Date: Sep 2005
Posts: 419
Rep Power: 3
>char* pw = "me%MU^05";
>encrypt_password2(pw);

pw is a pointer to a string literal, which is likely in read-only memory. That's the cause of your core dump. pw needs to be an array with a suitable size.
__________________
Even if the voices aren't real, they have some pretty good ideas.
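
Added example (not code from the thread or its participants): the fix from post #6 carried through, with the caller passing a writable array and its size so the function can refuse a buffer too small for the 40 hex digits plus NUL it writes. The names `hex_encode`, `encrypt_password_checked`, `RAW_LEN` and `HEX_LEN` are hypothetical, the AES step from `aes.h` is not on the page and is left out, and the padding is fixed rather than `rand()` so the output is reproducible.

```c
#include <stdio.h>
#include <string.h>

#define RAW_LEN 20                  /* 16 cipher bytes + 4 pad bytes, as in post #5 */
#define HEX_LEN (2 * RAW_LEN + 1)   /* 40 hex digits + terminating NUL */

/* Hex-encode RAW_LEN bytes into out. Returns 0 on success, or -1 when the
 * caller's buffer cannot hold the result (nothing is written in that case). */
int hex_encode(const unsigned char raw[RAW_LEN], char *out, size_t out_size)
{
    size_t i;
    if (out == NULL || out_size < HEX_LEN)
        return -1;
    for (i = 0; i < RAW_LEN; i++)   /* each step writes 2 digits + NUL */
        snprintf(out + 2 * i, 3, "%02x", (unsigned)raw[i]);
    return 0;
}

/* Hypothetical stand-in for the thread's function. Assumption: the AES step
 * is omitted, so the password bytes are hex-encoded unencrypted. */
int encrypt_password_checked(char *pw, size_t pw_size)
{
    unsigned char raw[RAW_LEN];
    size_t n, i;
    if (pw == NULL)
        return -1;
    n = strlen(pw);
    if (n > 16)
        n = 16;
    memcpy(raw, pw, n);
    for (i = n; i < RAW_LEN; i++)
        raw[i] = (unsigned char)('A' + i);  /* fixed pad, not rand(): reproducible */
    return hex_encode(raw, pw, pw_size);    /* raw is a copy, so pw may be reused */
}

int main(void)
{
    char pw[HEX_LEN] = "me%MU^05";  /* writable array sized for the output */
    char small[9]    = "me%MU^05";  /* writable, but too small: rejected */

    printf("%d %s\n", encrypt_password_checked(pw, sizeof pw), pw);
    printf("%d %s\n", encrypt_password_checked(small, sizeof small), small);
    return 0;
}
```

A `char *pw = "me%MU^05";` caller cannot use this interface correctly, since `sizeof pw` would be the pointer size and the size check would reject it instead of faulting.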

#7
Programmer
Join Date: Mar 2006
Posts: 40
Rep Power: 0
Narue, that did it! You're the best!
Thank you both for your suggestions

#8
Resident Grouch
Join Date: Jun 2005
Posts: 6,453
Rep Power: 10
Either read Narue's pointer tutorial or mine.
__________________
Abstraction doesn't make it impossible to write bad code; it makes it possible to write superior code. Contributor's Corner: Grumpy on C++ Exceptions DaWei on Pointers

#9
Battle Programmer
Join Date: Feb 2006
Location: Bellevue, WA, USA
Posts: 750
Rep Power: 3
Got a quick link to Narue's?