c - Stack-Based Buffer Overflow Vulnerabilities


I am reading the book titled Hacking: The Art of Exploitation, and I have a problem with the section on stack-based buffer overflow vulnerabilities. Following the instructions given by the author, I don't get the expected results.

First, here is the program auth_overflow2.c, copied from the book:

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int check_authentication(char *password) {
       char password_buffer[16];
       int auth_flag = 0;

       strcpy(password_buffer, password);

       if(strcmp(password_buffer, "brillig") == 0)
          auth_flag = 1;
       if(strcmp(password_buffer, "outgrabe") == 0)
          auth_flag = 1;

       return auth_flag;
    }

    int main(int argc, char *argv[]) {
       if(argc < 2) {
          printf("usage: %s <password>\n", argv[0]);
          exit(0);
       }
       if(check_authentication(argv[1])) {
          printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
          printf("       access granted.\n");
          printf("-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
       } else {
          printf("\naccess denied.\n");
       }
    }

This is a copy of my Ubuntu terminal:

    (gdb) break 19
    Breakpoint 1 at 0x40077b: file auth_overflow.c, line 19.
    (gdb) break 7
    Breakpoint 2 at 0x4006df: file auth_overflow.c, line 7.
    (gdb) break 12
    Breakpoint 3 at 0x40072a: file auth_overflow.c, line 12.
    (gdb) run aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    Starting program: /home/test/a.out aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    Breakpoint 1, main (argc=2, argv=0x7fffffffdf08) at auth_overflow.c:19
    19      if(check_authentication(argv[1])) {
    (gdb) i r esp
    esp            0xffffde10   -8688
    (gdb) x/32xw $esp
    0xffffffffffffde10: Cannot access memory at address 0xffffffffffffde10
    (gdb) c
    Continuing.

    Breakpoint 2, check_authentication (password=0x7fffffffe2cc 'a' <repeats 30 times>) at auth_overflow.c:7
    7       strcpy(password_buffer, password);
    (gdb) i r esp
    esp            0xffffddc0   -8768
    (gdb) x/32xw $esp
    0xffffffffffffddc0: Cannot access memory at address 0xffffffffffffddc0
    (gdb) p 0xffffde10 - 0xffffddc0
    $1 = 80
    (gdb) x/s password_buffer
    0x7fffffffdde0: "\001"
    (gdb) x/x &auth_flag
    0x7fffffffdddc: 0x00
    (gdb)

When I try x/32xw $esp I get: 0xffffffffffffde10: Cannot access memory at address 0xffffffffffffde10

The same thing happens when I continue to the second breakpoint. When the author types x/s password_buffer, the output is:

0xbffff7c0: "?o??\200????????o???g??\020\205\004\b?????\204\004\b????\020\205\004\bh???????\002"

But my output looks like this:

0x7fffffffdde0: "\001"

My i r esp result is also different from the book.

In the book there are 2 hexadecimal numbers:

esp 0xbffff7e0 0xbffff7e0

I am using Ubuntu, gcc, and gdb.

I think I might have the answer - argv[1] is pointing to 30 'a's - and you have a password buffer of 16. strcpy() will fill the buffer, and beyond.

I would increase the buffer size to a larger size (say 255 bytes).

In practice, you should review the code and examples, and make them more robust (for example: allowing larger passwords than 16).
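As an added example (not code from the book or from either post), here is the same check_authentication() with the copy bounded: any input that would not fit the 16-byte buffer, including its terminating NUL, is rejected before anything is copied, so the 30-byte argument from the gdb session above never reaches auth_flag. The PASSWORD_MAX and check_authentication_safe names are this example's own.

```c
/* Hardened rewrite of the book's check_authentication(): the original
 * strcpy() copies argv[1] into a 16-byte stack buffer with no length
 * check, so a 30-byte argument runs past the buffer into neighbouring
 * stack data such as auth_flag.  Here an oversized input is refused. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PASSWORD_MAX 16   /* same buffer size as in the question */

/* Returns 1 if password is one of the two accepted values, 0 otherwise.
 * Inputs of PASSWORD_MAX bytes or more (no room for the NUL) are
 * rejected without being copied, so the buffer can never overflow. */
int check_authentication_safe(const char *password)
{
    char password_buffer[PASSWORD_MAX];
    int auth_flag = 0;

    if (password == NULL)
        return 0;

    /* Look for the terminator only within the first PASSWORD_MAX bytes;
     * if it is not there, the string is too long for the buffer. */
    const char *nul = memchr(password, '\0', PASSWORD_MAX);
    if (nul == NULL)
        return 0;                    /* too long: reject, do not copy */

    size_t len = (size_t)(nul - password);
    memcpy(password_buffer, password, len + 1);   /* bounded copy + NUL */

    if (strcmp(password_buffer, "brillig") == 0)
        auth_flag = 1;
    if (strcmp(password_buffer, "outgrabe") == 0)
        auth_flag = 1;

    return auth_flag;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        printf("usage: %s <password>\n", argv[0]);
        exit(0);
    }
    /* The 30 x 'a' argument from the gdb session is now simply denied. */
    printf(check_authentication_safe(argv[1]) ? "access granted.\n"
                                              : "access denied.\n");
    return 0;
}
```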

