added more code

CPE455/Quiz-Bravo/README.txt

@@ -0,0 +1,15 @@
+
+bapp.c
+
+sample code uses gets( )
+
+
+Correct password is the following fifteen characters:  aaaaabbbbbccccc
+
+
+perl -e 'print "a"x90' | ./vulnerable_bapp
+
+perl -e 'print "a"x90' | ./protected_bapp
+
+
+

CPE455/Quiz-Bravo/bapp.c

@@ -0,0 +1,37 @@
+/*
+ * bapp.c
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
+
+#define BUFFER_SIZE 20
+
+int main()
+{
+  char correctPassword[BUFFER_SIZE];
+  char suppliedPassword[BUFFER_SIZE];
+
+  printf("\nEnter the password now: ");
+  strncpy(correctPassword, "aaaaabbbbbccccc", BUFFER_SIZE);
+  gets(suppliedPassword);
+  printf("\n");
+	
+  if (strncmp(suppliedPassword, correctPassword, BUFFER_SIZE) == 0)
+  {
+    printf("Login successful\n\n");
+  }
+  else
+  {
+    printf("Login failure\n\n");
+  }
+
+  printf("suppliedPassword: %s\n", suppliedPassword);
+  printf("correctPassword: %s\n", correctPassword);
+
+  return 0;
+}
+
+

CPE455/Quiz-Bravo/makefile

@@ -0,0 +1,18 @@
+#
+# bapp.c makefile
+#
+
+CC = gcc
+CFLAGS = -g
+
+vulnerable_bapp:  bapp.c
+	$(CC) $(CFLAGS) -fno-stack-protector -z execstack bapp.c -o vulnerable_bapp
+
+protected_bapp:  bapp.c
+	$(CC) $(CFLAGS) -fstack-protector  -z noexecstack bapp.c -o protected_bapp
+
+clean:
+	rm vulnerable_bapp protected_bapp
+
+
+

CPE455/Quiz-Bravo/protected.txt

@@ -0,0 +1,92 @@
+Script started on Thu 24 Feb 2022 10:16:22 AM CST
+[?1034hbash-4.2$ ./protected_bapp
+
+Enter the password now: aaaa
+
+Login failure
+
+suppliedPassword: aaaa
+correctPassword: aaaaabbbbbccccc
+bash-4.2$ ./protected_bapp
+
+Enter the password now: aaaaabbbbbccccc
+
+Login successful
+
+suppliedPassword: aaaaabbbbbccccc
+correctPassword: aaaaabbbbbccccc
+bash-4.2$ perl -e 'print "a"x90' | ./protected_bapp
+
+Enter the password now: 
+Login failure
+
+suppliedPassword: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+correctPassword: aaaaabbbbbccccc
+*** stack smashing detected ***: ./protected_bapp terminated
+Segmentation fault
+bash-4.2$ gdb  ./protected_bapp
+[?1034hGNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-120.el7
+Copyright (C) 2013 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
+and "show warranty" for details.
+This GDB was configured as "x86_64-redhat-linux-gnu".
+For bug reporting instructions, please see:
+<http://www.gnu.org/software/gdb/bugs/>...
+Reading symbols from /home/student/anw0044/CPE455/Quiz-Bravo/protected_bapp...done.
+(gdb) break  main
+Breakpoint 1 at 0x400716: file bapp.c, line 13.
+(gdb) run
+Starting program: /home/student/anw0044/CPE455/Quiz-Bravo/./protected_bapp 
+
+Breakpoint 1, main () at bapp.c:13
+13	{
+Missing separate debuginfos, use: debuginfo-install glibc-2.17-325.el7_9.x86_64
+(gdb) info locals
+correctPassword = "\000\000\000\000\000\000\000\000\377\265\360\000\000\000\000\000\001\000\000"
+suppliedPassword = "\320\340\377\377\377\177\000\000\000\000\000\000\000\000\000\000\340\a@"
+(gdb) rstep
+17	  printf("\nEnter the password now: ");
+(gdb) instepinfo locals
+correctPassword = "\000\000\000\000\000\000\000\000\377\265\360\000\000\000\000\000\001\000\000"
+suppliedPassword = "\320\340\377\377\377\177\000\000\000\000\000\000\000\000\000\000\340\a@"
+(gdb) info locals
+step
+
+18	  strncpy(correctPassword, "aaaaabbbbbccccc", BUFFER_SIZE);
+(gdb) stepinfo locals
+correctPassword = "\000\000\000\000\000\000\000\000\377\265\360\000\000\000\000\000\001\000\000"
+suppliedPassword = "\320\340\377\377\377\177\000\000\000\000\000\000\000\000\000\000\340\a@"
+(gdb) info locals
+step
+19	  gets(suppliedPassword);
+(gdb) stepinfo locals
+correctPassword = "aaaaabbbbbccccc\000\000\000\000"
+suppliedPassword = "\320\340\377\377\377\177\000\000\000\000\000\000\000\000\000\000\340\a@"
+(gdb) info locals
+step
+Enter the password now: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+20	  printf("\n");
+(gdb) stepinfo locals
+correctPassword = "aaaaabbbbbccccc\000\000\000\000"
+suppliedPassword = 'a' <repeats 20 times>
+(gdb) info locals
+stepinfo locals
+stepinfo locals
+continue
+Continuing.
+
+Login failure
+
+suppliedPassword: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+correctPassword: aaaaabbbbbccccc
+*** stack smashing detected ***: /home/student/anw0044/CPE455/Quiz-Bravo/./protected_bapp terminated
+
+Program received signal SIGSEGV, Segmentation fault.
+0x00007ffff78060f8 in ?? () from /lib64/libgcc_s.so.1
+Missing separate debuginfos, use: debuginfo-install libgcc-4.8.5-39.el7.x86_64 libgcc-4.8.5-44.el7.x86_64
+(gdb) quit
+A debugging session is active.
+
+	Inferior 1 [process 6749] will be killed.

CPE455/Quiz-Bravo/vulnerable.txt

@@ -0,0 +1,94 @@
+Script started on Thu 24 Feb 2022 10:08:08 AM CST
+[?1034hbash-4.2$ ./vulnerable_bapp `
+
+Enter the password now: aaaa
+
+Login failure
+
+suppliedPassword: aaaa
+correctPassword: aaaaabbbbbccccc
+bash-4.2$ ./vulnerable_bapp 
+
+Enter the password now: aaaaabbbbbccccc
+
+Login successful
+
+suppliedPassword: aaaaabbbbbccccc
+correctPassword: aaaaabbbbbccccc
+bash-4.2$ perl -e 'print "a"x90' | ./vulnerable_bapp
+
+Enter the password now: 
+Login successful
+
+suppliedPassword: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+correctPassword: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+Segmentation fault
+bash-4.2$ perl -e 'print "a"x90' | ./protected_bapp
+
+Enter the password now: 
+Login failure
+
+suppliedPassword: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+correctPassword: aaaaabbbbbccccc
+*** stack smashing detected ***: ./protected_bapp terminated
+Segmentation fault
+bash-4.2$ gdb  ./vulnerable_bapp
+[?1034hGNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-120.el7
+Copyright (C) 2013 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
+and "show warranty" for details.
+This GDB was configured as "x86_64-redhat-linux-gnu".
+For bug reporting instructions, please see:
+<http://www.gnu.org/software/gdb/bugs/>...
+Reading symbols from /home/student/anw0044/CPE455/Quiz-Bravo/vulnerable_bapp...done.
+(gdb) 
+(gdb) 
+(gdb) break main
+Breakpoint 1 at 0x4006a5: file bapp.c, line 17.
+(gdb) run
+Starting program: /home/student/anw0044/CPE455/Quiz-Bravo/./vulnerable_bapp 
+
+Breakpoint 1, main () at bapp.c:17
+17	  printf("\nEnter the password now: ");
+Missing separate debuginfos, use: debuginfo-install glibc-2.17-325.el7_9.x86_64
+(gdb) info locals
+correctPassword = "P\a@\000\000\000\000\000\260\005@\000\000\000\000\000\260\341\377\377"
+suppliedPassword = "\001\000\000\000\000\000\000\000\235\a@\000\000\000\000\000\320\340\377\377"
+(gdb) step
+
+18	  strncpy(correctPassword, "aaaaabbbbbccccc", BUFFER_SIZE);
+(gdb) stepinfo locals
+correctPassword = "P\a@\000\000\000\000\000\260\005@\000\000\000\000\000\260\341\377\377"
+suppliedPassword = "\001\000\000\000\000\000\000\000\235\a@\000\000\000\000\000\320\340\377\377"
+(gdb) info locals
+step
+19	  gets(suppliedPassword);
+(gdb) stepinfo locals
+correctPassword = "aaaaabbbbbccccc\000\000\000\000"
+suppliedPassword = "\001\000\000\000\000\000\000\000\235\a@\000\000\000\000\000\320\340\377\377"
+(gdb) info locals
+stepinfo locals
+stepinfo locals
+runbreak main
+runinfo locals
+stepinfo locals
+stepinfo locals
+step
+Enter the password now: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+20	  printf("\n");
+(gdb) stepinfo locals
+correctPassword = 'a' <repeats 20 times>
+suppliedPassword = 'a' <repeats 20 times>
+(gdb) continue
+Continuing.
+
+Login successful
+
+suppliedPassword: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+correctPassword: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+
+Program received signal SIGSEGV, Segmentation fault.
+0x0000000000400744 in main () at bapp.c:35
+35	}