[Vuln-dev Challenge] Challenge #2
From: Dave McKinney (dm_at_securityfocus.com)
Date: 05/24/03
- Previous message: mike cramp: "Frame Pointer Overwriting"
- Next in thread: Thomas Cannon: "Re: [Vuln-dev Challenge] Challenge #2"
- Reply: Thomas Cannon: "Re: [Vuln-dev Challenge] Challenge #2"
- Reply: Joel Eriksson: "Re: [Vuln-dev Challenge] Challenge #2 (SPOILER)"
- Reply: Jason_Royes: "Re: [Vuln-dev Challenge] Challenge #2"
- Reply: Jose Ronnick: "[Vuln-dev Challenge] nonexec stack&heap solution (encrypted)"
- Reply: anon: "Re: [Vuln-dev Challenge] Challenge #2"
- Reply: spacewalker: "Re: [Vuln-dev Challenge] Challenge #2"
- Maybe reply: D.: "Re: [Vuln-dev Challenge] Challenge #2"
- Reply: Janus N.: "Re: [Vuln-dev Challenge] Challenge #2"
- Reply: Joel Eriksson: "Re: [Vuln-dev Challenge] Challenge #2 (return-to-libc)"
- Maybe reply: Janus N.: "Re: [Vuln-dev Challenge] Challenge #2"
Date: Fri, 23 May 2003 16:13:44 -0600 (MDT)
To: vuln-dev@securityfocus.com
We are announcing the second challenge. Initially, we wanted to have this
out a few days ago but were involved in testing it on multiple platforms.
This challenge is a little easier than the first one, since we'd like to
see more people attempting to produce a proof-of-concept. If you find it
too easy, you're welcome to attempt it in an environment with a
non-executable stack/heap to raise the bar a little.
Here's a link to the basic guidelines (for those who missed it):
http://www.securityfocus.com/archive/82/321615/2003-05-13/2003-05-19/0
(also, please retain the [Vuln-dev Challenge] string in the subject line
for replies to make for easier filtering for those not interested in
challenge related discussion.)
---
/* vulndev2.c */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* strcpy() */

#define BFSIZE 90

int
main(int argc, char *argv[])
{
    char *bfp;
    char buf[BFSIZE];
    FILE *f1;

    if (argc != 3)
        return 1;

    if ( (bfp = malloc(BFSIZE)) == NULL)
        return 1;

    /* log input */
    if ( (f1 = fopen("db.log", "a+")) == NULL)
        return 1;
    fprintf(f1, ";;%s;;", argv[2]);
    fclose(f1);

    /* no length check: an argv[1] longer than BFSIZE-1 bytes overflows buf */
    strcpy(buf, argv[1]);

    /* read log */
    if ( (f1 = fopen("db.log", "r")) == NULL)
        return 1;
    if (fgets(bfp, BFSIZE, f1) == NULL)
        return 1;
    printf("%s\n", bfp);
    fclose(f1);

    exit(1);
}
---
Dave McKinney
Symantec
keyID: BF919DD7
key fingerprint = 494D 6B7D 4611 7A7A 5DBB 3B29 4D89 3A70 BF91 9DD7
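
For comparison with vulndev2.c above, a hardened variant added here as an example; it is not part of the original post or the challenge. The helper names copy_arg() and log_roundtrip() are made up for this example. It rejects an over-long argv[1] instead of copying it and reads the log back into a fixed-size array.

```c
/* Added example; copy_arg() and log_roundtrip() are hypothetical helpers. */
#include <stdio.h>
#include <string.h>
#define BFSIZE 90

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 if src is too long (dst is left empty). */
int copy_arg(char *dst, size_t dstsz, const char *src)
{
    size_t n;
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    n = strlen(src);
    if (n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Append entry to the log at path, then read the first line back into out.
 * Returns 0 on success, -1 on any I/O failure. */
int log_roundtrip(const char *path, const char *entry, char *out, size_t outsz)
{
    FILE *f;
    char *r;
    if ((f = fopen(path, "a")) == NULL)
        return -1;
    fprintf(f, ";;%s;;", entry);
    if (fclose(f) != 0)
        return -1;
    if ((f = fopen(path, "r")) == NULL)
        return -1;
    r = fgets(out, (int)outsz, f);
    fclose(f);
    return r == NULL ? -1 : 0;
}

int main(int argc, char *argv[])
{
    char buf[BFSIZE], line[BFSIZE];
    if (argc != 3 || copy_arg(buf, sizeof buf, argv[1]) != 0)
        return 1;
    if (log_roundtrip("db.log", argv[2], line, sizeof line) != 0)
        return 1;
    printf("%s\n", line);
    return 0;
}
```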