The function ls in src/ls.c is vulnerable to a buffer overflow due to insufficient bounds checks on the loc argument.
It is copied into the fixed-size buffer final_loc, which holds at most 1024 bytes. Any input exceeding this bound therefore corrupts the neighboring memory regions.
Steps to reproduce (requires gdb and python3):
(in project's root directory)
$ ./build.sh
$ gdb --args ./bin/ls_extended $(python3 -c 'print("a" * 2000)')
(gdb) run
The stack protection introduced by gcc will then detect a stack smash attack.
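For reference, this is how the copy into final_loc can be bounded so that an over-long loc is rejected instead of overflowing. It is an added illustration, not code from src/ls.c; FINAL_LOC_SIZE, copy_loc_checked and make_repeated are assumed names, and the 2000-byte input is constructed to mirror the reproduction above.

```c
/* Added illustration, not the project's src/ls.c: a bounds-checked copy of a
 * caller-supplied location into a fixed 1024-byte buffer. FINAL_LOC_SIZE,
 * copy_loc_checked and make_repeated are assumed names, not the project's. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FINAL_LOC_SIZE 1024  /* same capacity as the final_loc buffer in the report */

/* Copy src into dst (capacity dstsz) only if it fits together with its NUL.
 * Returns 0 on success and -1 on a NULL or over-long src; on failure dst is
 * left as an empty string so callers never see a partial, unterminated copy. */
int copy_loc_checked(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* Scan at most dstsz bytes; if no terminator shows up, src cannot fit. */
    size_t n = 0;
    while (n < dstsz && src[n] != '\0')
        n++;
    if (n >= dstsz)
        return -1;
    memcpy(dst, src, n + 1);  /* n + 1 <= dstsz, terminator included */
    return 0;
}

/* Build a heap string of n copies of c, like the report's python3 "a" * 2000. */
char *make_repeated(char c, size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, c, n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    char final_loc[FINAL_LOC_SIZE];
    char *big = make_repeated('a', 2000);  /* constructed over-long argument */
    printf("2000 bytes: %s\n", copy_loc_checked(final_loc, sizeof final_loc, big) == 0 ? "copied" : "rejected");
    printf("short path: %s\n", copy_loc_checked(final_loc, sizeof final_loc, "/tmp") == 0 ? "copied" : "rejected");
    free(big);
    return 0;
}
```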