{"type":"rich","blog_url":"https://yupo5656.hatenadiary.org/","author_name":"yupo5656","author_url":"https://blog.hatena.ne.jp/yupo5656/","height":"190","blog_title":"memologue","provider_name":"Hatena Blog","published":"2004-06-27 00:00:00","url":"https://yupo5656.hatenadiary.org/entry/20040627/p1","categories":["security","asm"],"width":"100%","image_url":null,"provider_url":"https://hatena.blog","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fyupo5656.hatenadiary.org%2Fentry%2F20040627%2Fp1\" title=\" off-by-one error \u3067return address\u304c\u4e0a\u66f8\u304d\u3055\u308c\u308b\u307e\u3067 - memologue\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","version":"1.0","title":" off-by-one error \u3067return address\u304c\u4e0a\u66f8\u304d\u3055\u308c\u308b\u307e\u3067","description":"Phrack Magazine (http://phrack.org/phrack/55/P55-08) \u306e off-by-one exploit \u3092\u8aad\u307f\u307e\u3057\u305f\u3002\u8981\u7d04\u3057\u3066\u304a\u304d\u307e\u3059\u3002 void func(const char* sm) { char buffer[256]; for(int i=0; i\u3053\u306e\u3088\u3046\u306a\u30011\u30d0\u30a4\u30c8\u3060\u3051\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u3059\u308bbug\u306e\u3042\u308b\u30b3\u30fc\u30c9\u3092\u66f8\u3044\u3066\u3057\u307e\u3044\u3001\u66f4\u306b\u5f15\u6570 sm \u306b\u81ea\u7531\u306a\u30d0\u30a4\u30c8\u5217\u3092\u8a2d\u5b9a\u3067\u304d\u308b\u5834\u5408\u3001\u305d\u308c\u304c\u3069\u306e\u3088\u3046\u306b\u3057\u3066 arbitrary code execution \u306b\u7e4b\u304c\u308b\u304b\u304c\u66f8\u3044\u3066\u3042\u308a\u307e\u3059\u3002 \u4ee5\u4e0b\u3001\u7c21\u5358\u306a\u89e3\u8aac\u3067\u3059\u3002 buffer[256] \u306b\u306f saved_eb\u2026"}