0
int main(void) {
    char buff[15];
    int pass = 0;
    printf("\n Enter the password : \n");
    gets(buff);
    if (strcmp(buff, "thegeekstuff")) {
        printf("\n Wrong Password \n");
    }
    else {
        printf("\n Correct Password \n");
        pass = 1;
    }
    if (pass) {
        /* Now Give root or admin rights to user*/
        printf("\n Root privileges given to the user \n");
    }
    return 0;
}

I know I have to change pass so it won't allow a non-zero value to get through, but how do I do that?

OCTAVIAN
  • Don't [roll your own](https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own)? – browly Dec 06 '18 at 16:45

2 Answers

1

gets() does not limit its input; it is impossible to use securely.

I'd suggest using

fgets(buff,15,stdin);

instead of gets.

Other solutions may exist.

Adam Shostack
T. Rode
  • Doesn't work if I spam it; then privileges are still given. – OCTAVIAN Dec 06 '18 at 12:53
  • How do you test your code? Did you try strcmp(buff, "thegeekstuff\n")? Otherwise you could use strNcmp in order to avoid handling \r\n or \n. – T. Rode Dec 06 '18 at 13:23
  • So I run the program and enter a password of "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", then it gives me root access, so the error has to be the pass method, because I think I'm setting pass to a non-zero value which is then allowing it through. – OCTAVIAN Dec 06 '18 at 13:27
  • When I try your code with fgets instead of gets and with strcmp(buff, "thegeestuff\n"), putting "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" as input gets me "Wrong password". I have ASLR on. – T. Rode Dec 06 '18 at 13:40
  • Also, more than 15 char please. – Adam Shostack Jan 05 '19 at 17:39
0

Declare char buffers after any other type of declaration, even in structs, because a char buffer can overwrite the allocation space of the other variables at run time. Always fill the buffer with zeroes (memset) before using it, and initialize (set to zero or a predefined value) any other variable after declaration. Use fgets as suggested, when you know exactly the dimension of your array, and use strncmp instead of strcmp, for the same reason.
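The fgets approach suggested in the answers above, written out as an added example (not code from the question or from either answer): the read is bounded by `sizeof buff`, the line ending that fgets keeps is stripped before comparing, and overlong input is drained and rejected. The names `read_and_check` and `check_input` are assumptions made for this example; `check_input` only exists to feed constructed input through a temporary file.

```c
#include <stdio.h>
#include <string.h>

#define PASSWORD "thegeekstuff"   /* literal taken from the question's code */

/* Read one line from `in` into a bounded buffer and compare it.
 * Returns 1 only on an exact match, 0 otherwise (overlong input included). */
int read_and_check(FILE *in)
{
    char buff[15];
    int truncated = 0;

    /* fgets stores at most sizeof buff - 1 characters plus the terminator,
     * so the write cannot run past buff into neighbouring variables. */
    if (fgets(buff, sizeof buff, in) == NULL)
        return 0;                          /* EOF or read error: deny */

    size_t len = strcspn(buff, "\r\n");    /* index of the line ending, if any */
    if (buff[len] == '\0') {
        /* No line ending was stored: consume the rest of the line so it is
         * not read as the next input, and note whether anything was cut off. */
        int c;
        while ((c = getc(in)) != EOF && c != '\n')
            if (c != '\r')
                truncated = 1;
    }
    buff[len] = '\0';                      /* drop "\n" or "\r\n" */

    return !truncated && strcmp(buff, PASSWORD) == 0;
}

/* Demo helper (assumption of this example): run a constructed input string
 * through read_and_check via a temporary file. Returns -1 if tmpfile fails. */
int check_input(const char *input)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(input, f);
    rewind(f);
    int ok = read_and_check(f);
    fclose(f);
    return ok;
}

int main(void)
{
    printf("\n Enter the password : \n");
    puts(read_and_check(stdin) ? "\n Correct Password " : "\n Wrong Password ");
    return 0;
}
```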