gcc -fstack-protector-all option

[Ashish]

Hi Everyone,

Following is the program that worked (or didn't worked, whatever).

#include<stdio.h>
#include<stdlib.h>

void buffer_overflow ( )
{
        long int        i = 0;
        char    str[29];

        for ( i = 0; i < 50; i++){
                str[i] = '\0';
        }
}

int main ()
{
        buffer_overflow ( );

        exit ( 0);
}

# ./a.out
*** stack smashing detected ***: <unknown> terminated
Aborted
#

The difference between the old one and new one is that the buffer (.i.e.
str) is now allocated on the stack of function “buffer_overflow”. While
earlier it was part of “main” function, so I was actually corrupting stack
of “main” function rather then “buffer_overflow”.

Thanks to John Love-Jensen (www.nabble.com), who pointed out that, I am
actually smashing function main’s stack.

Slowly and slowly I am starting to believe in the term “Global Village”. :-)

Learning’s:
1.	SSP (SS Protection) is actually helpful in detecting case of small buffer
overflows, if the function goes really haywire no one can protect it.
Actually it should be called SSD (Stack Smashing Detection) rather than SSP
as it doesn't protect but detects.
2.	One can mix signal handling for SIGABRT with “-fstack-protector”, if one
is looking for recovery/cleanup also. Though I am not sure whether it's good
idea.

For example:

#include <stdio.h>
#include <stdlib.h>
#include <signal.h>

void buffer_overflow ( )
{
        long int        i;
        char            str[29];

        for ( i = 0; i < 50; i++) {
                str [i] = '\0';
        }
        printf ( "Loop finished\n");
}

void sig_abrt_hand ( int i, siginfo_t* inf, void* j)
{
        printf ( "sig_abrt_hand\n");
        exit ( 1);
}

int main ()
{
        struct sigaction act;

        act.sa_sigaction = sig_abrt_hand;
        //act.sa_handler = SIG_IGN; // Bad idea

        sigaction ( SIGABRT, &act, NULL);

        printf ( "SSP Demo\n");

        buffer_overflow ( );

        exit ( 0);
}

And finally the one with function “main” getting smashed.
Due thanks to Sharath who directed me towards Google groups.
http://www.orkut.com/Profile.aspx?uid=13571966778342355640

And to Mr. Paul Pluzhnikov

#include <stdio.h>
#include <stdlib.h>

void buffer_overflow ( char* str)
{
        long int        i;

        for ( i = 0; i < 999; i++) {
                str [i] = '\0';
        }
}

int main ()
{
        char    str[29];

        buffer_overflow ( str);

        return ( 0);
}

Difference between this one and original one is the “return” as the last
statement rather then “exit”, so one should be careful while “exiting” from
main.


Ashish wrote:
> 
> Hi,
> 
> I am trying to test the buffer protection mechanism of gcc.
> 
> I am running gcc version 4.1.0 and here is my program.
> 
> 
> #include<stdio.h>
> #include<stdlib.h>
> 
> void buffer_overflow ( char* str)
> {
> long int val = 0;
> for ( val = 0; val < 11999; val++){
> str[val] = '\0';
> }
> }
> 
> int main ()
> {
> char str[29];
> 
> buffer_overflow ( str);
> 
> exit ( 0);
> }
> 
> 
> Even after compiling this program with command "gcc -fstack-protector-all
> buffer_overflow.c", exactable runs fine without any error.
> 
> Please not that the limit (11999) in function can very from system to
> system, so please don't reply that it's giving error on your system.
> 
> According to my thinking even after writing one byte more it should throw
> out an error.
> 
> Even after increasing the limit, program gives segmentation fault, whereas
> it should give program error.
> 
> Please help me in getting answer for this, or please guide me to any forum
> on net where I can get answer of this question.
> 

-- 
View this message in context: http://www.nabble.com/gcc--fstack-protector-all-option-tf2126623.html#a5901906
Sent from the gcc - Help forum at Nabble.com.