add stack buffer overflow

keltecc committed Nov 22, 2019
1 parent 3b583b6 commit db4187f50d6bfd4ae7b1a86f336f3028bef6602e
@@ -1,6 +1,6 @@
CC=g++
CFLAGS=-std=c++17 -Wall
SECFLAGS=-Wl,-z,noexecstack
SECFLAGS=-Wl,-z,noexecstack -fno-stack-protector

SRCDIR=src
OUTDIR=bin
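Review bot: The new `SECFLAGS` line adds `-fno-stack-protector`, which turns off stack canaries for the whole binary in the same commit that introduces stack arrays sized from request data. For anything other than a deliberately weakened training build, keep the mitigation and let the compiler flag the arrays: `SECFLAGS=-Wl,-z,noexecstack -fstack-protector-strong` plus `-Wvla` in `CFLAGS`. If the weakening is intentional, as the commit title suggests, a comment above the line such as `# intentionally vulnerable build: stack protector disabled, do not reuse these flags` would keep it from being copied into a real build.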
@@ -92,12 +92,16 @@ class fuel {

private:
void delete_partial_matches(std::string& search_text, std::vector<piece>& collected_pieces) const {
char text[strlen(search_text.data()];

size_t size = search_text.size();
search_text.copy(text, size, 0);

std::vector<piece> remove_pieces;

for (const auto& p : collected_pieces) {
if ((p.start() == 0 || !std::isalpha(search_text.at(p.start() - 1))) &&
(p.end() + 1 == size || !std::isalpha(search_text.at(p.end() + 1)))) {
if ((p.start() == 0 || !std::isalpha(text[p.start() - 1])) &&
(p.end() + 1 == size || !std::isalpha(text[p.end() + 1]))) {
continue;
}
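Review bot: `text` is sized with `strlen(search_text.data())` but filled with `search_text.size()` bytes, and the two differ whenever the string holds an embedded NUL, so `search_text.copy(text, size, 0)` can write past the end of the stack array; the indexed reads such as `text[p.end() + 1]` also lose the range check that `.at()` provided. The copy is not needed: keep `const size_t size = search_text.size();` and index the string directly, e.g. `!std::isalpha(static_cast<unsigned char>(search_text.at(p.start() - 1)))`, where the cast also avoids passing a negative `char` to `std::isalpha`. As shown, the array declaration is also missing a closing parenthesis, which may be an extraction artefact. The body of `delete_partial_matches` continues outside the hunk.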

@@ -52,8 +52,9 @@ class handler {

static int check_fuel() {
char const* f_name = getenv("QUERY_STRING");

if (f_name == NULL) {
char const* p_size_s = getenv("CONTENT_LENGTH");

if (f_name == NULL || p_size_s == NULL) {
return http::bad_request();
}

@@ -63,16 +64,19 @@ class handler {
return http::not_found();
}

std::string property;
std::cin >> property;
size_t p_size = std::stoi(std::string(p_size_s));

char buffer[p_size];
std::cin.read(buffer, p_size);
std::string property(buffer, buffer + p_size);

try {
auto result = f.get().check(property);

http::ok();

for (auto p : result) {
std::cout << "[" << p.start() << " -> " << p.end() << "] (" << p.size() << ")" << std::endl;
std::cout << property.substr(p.start(), p.size()) << " " << "(" << p.start() << " -> " << p.end() << ")" << std::endl;
}
}
catch (...) {
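Review bot: `p_size` comes straight from `std::stoi` on the client-controlled `CONTENT_LENGTH` and is used unchecked as the length of the stack array `char buffer[p_size]` and of the read, so a large or negative value (converted to `size_t`) sizes a stack allocation from request data. `std::stoi` also sits before the `try`, so as far as the hunk shows an empty or non-numeric value throws out of `check_fuel`, and `property` is built from `p_size` bytes even when `std::cin.read` delivered fewer, which puts uninitialised stack bytes into the string that is echoed back. The earlier hunk in this function only checks the variable for `NULL`. Validate and cap the length, read into a heap-backed `std::string`, and reject short reads, as sketched below; the cap value is a constructed placeholder. `check_fuel` starts and ends outside these hunks.

```cpp
// … unchanged: QUERY_STRING / CONTENT_LENGTH NULL checks, fuel lookup …

constexpr size_t max_property_size = 64 * 1024;  // placeholder cap, pick per deployment

const std::string p_size_str(p_size_s);
const bool all_digits = !p_size_str.empty() && p_size_str.size() <= 7 &&
    std::all_of(p_size_str.begin(), p_size_str.end(),
                [](unsigned char c) { return std::isdigit(c) != 0; });
if (!all_digits) {
    return http::bad_request();
}

const size_t p_size = std::stoul(p_size_str);
if (p_size > max_property_size) {
    return http::bad_request();
}

std::string property(p_size, '\0');
std::cin.read(&property[0], static_cast<std::streamsize>(p_size));
if (static_cast<size_t>(std::cin.gcount()) != p_size) {
    return http::bad_request();
}

// … unchanged: try { f.get().check(property) … } …
```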
@@ -12,6 +12,8 @@ server {
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param DOCUMENT_URI $document_uri;

fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_FILENAME /var/engine/engine;

fastcgi_pass engine:31337;
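Review bot: `$content_length` is empty when a request carries no Content-Length header, and without the `if_not_empty` flag `fastcgi_param` still passes the empty string, so the backend's `NULL` check on `CONTENT_LENGTH` will not catch that case. Since the engine sizes its read from this value, it is worth bounding it here as well: `fastcgi_param CONTENT_LENGTH $content_length if_not_empty;` and an explicit small `client_max_body_size` in this `server` block (none is visible in the hunk, so the default may apply). The `server` block continues outside the hunk.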
