1 #include <libcgc.h>
2 
/* Fixed-width integer aliases, declared locally instead of coming from <stdint.h>.
 * NOTE(review): each width is right only where char/short/int/long long are
 * 8/16/32/64 bits wide; confirm against the target ABI.
 * NOTE(review): int8_t is an alias for plain char, whose signedness is
 * implementation-defined; `signed char` would make it reliably signed. */
3 typedef char int8_t;
4 typedef unsigned char uint8_t;
5 typedef short int16_t;
6 typedef unsigned short uint16_t;
7 typedef int int32_t;
8 typedef unsigned int uint32_t;
9 typedef long long int64_t;
10 typedef unsigned long long uint64_t;
11 
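/**
 * Read bytes from fd into dst until delim is seen or max bytes are stored.
 *
 * The delimiter is consumed but not stored. dst is NUL-terminated only when
 * the delimiter arrives before max bytes have been stored; once max bytes are
 * stored no terminator is written, so a caller that treats dst as a C string
 * needs at least max + 1 bytes of storage with dst[max] already zero.
 *
 * @param fd    descriptor handed to receive()
 * @param dst   destination buffer, at least max bytes long
 * @param delim byte that ends the read
 * @param max   maximum number of bytes to store
 * @return number of bytes stored, or 0 when receive() fails or the stream
 *         ends before the delimiter (bytes already stored remain in dst).
 */
size_t receive_until(int fd, char *dst, char delim, size_t max )
{
    size_t len = 0;

    while ( len < max ) {
        size_t rx = 0;
        char c = 0;

        /* Keep the partial result terminated while waiting for the next byte. */
        dst[len] = 0x00;

        /* receive() can report success with rx == 0 (end of stream). Without
         * the rx check the loop would keep storing a stale byte until max. */
        if ( receive( fd, &c, 1, &rx ) != 0 || rx == 0 ) {
            return 0;
        }

        if ( c == delim ) {
            break;
        }

        dst[len] = c;
        len++;
    }

    return len;
}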
36 
/**
 * Copy n bytes from src to dst, lowest address first.
 *
 * The copy runs strictly forward with no overlap handling, and nothing here
 * checks n against the size of either buffer: the caller owns both bounds.
 *
 * @return dst
 */
void *memcpy(void *dst, const void *src, size_t n) {
   char *out = (char *)dst;
   const char *in = (const char *)src;
   size_t i;

   for (i = 0; i < n; i++) {
      out[i] = in[i];
   }
   return dst;
}
43 
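/**
 * Read exactly n_bytes from fd into dst, looping over short reads.
 *
 * @param fd      descriptor handed to receive()
 * @param dst     destination buffer, at least n_bytes long
 * @param n_bytes number of bytes to read
 * @return n_bytes on success; 0 when receive() fails or the stream ends
 *         before n_bytes have arrived (dst may then hold partial data).
 */
size_t receive_n( int fd, unsigned char *dst, size_t n_bytes )
{
  size_t len = 0;

  while (len < n_bytes) {
    size_t rx = 0;

    /* A successful receive() that delivers 0 bytes means no more data will
     * come; treating it as a failure keeps the loop from spinning forever. */
    if (receive(fd, dst + len, n_bytes - len, &rx) != 0 || rx == 0) {
      return 0;
    }
    len += rx;
  }

  return len;
}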
58 
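/**
 * Write all n_bytes of msg to fd, looping over short writes.
 *
 * @param fd      descriptor handed to transmit()
 * @param msg     data to send
 * @param n_bytes number of bytes to send
 * @return 0 when everything was sent, 1 when transmit() fails or makes no
 *         progress.
 */
int send_all(int fd, const void *msg, size_t n_bytes)
{
  const char *bytes = (const char *)msg;
  size_t len = 0;

  while (len < n_bytes) {
    size_t tx = 0;

    /* A transmit() that succeeds but sends 0 bytes would otherwise leave
     * len unchanged and the loop would never terminate. */
    if (transmit(fd, bytes + len, n_bytes - len, &tx) != 0 || tx == 0) {
      return 1;
    }
    len += tx;
  }
  return 0;
}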
71 
/**
 * Map one lowercase hexadecimal digit ('0'-'9', 'a'-'f') to its value 0-15.
 *
 * Every other character, uppercase 'A'-'F' included, also yields 0, so a
 * caller cannot tell malformed input apart from the digit '0'.
 */
int path_char_to_val(char c) {
  static const char hex_digits[16] = {
    '0', '1', '2', '3', '4', '5', '6', '7',
    '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
  };
  int value;

  for (value = 0; value < 16; value++) {
    if (hex_digits[value] == c) {
      return value;
    }
  }
  return 0;
}
111 
/**
 * Decode a NUL-terminated string of hex digit pairs into raw bytes.
 *
 * Each pair of input characters produces one output byte (first character is
 * the high nibble). A trailing unpaired character is ignored, and characters
 * that are not lowercase hex digits decode as 0 via path_char_to_val().
 *
 * The function takes no output capacity and writes no terminator: it stores
 * one byte for every two input characters, so the caller must guarantee that
 * out has room for half the length of in. Nothing in this function enforces
 * that bound.
 *
 * @param out destination for the decoded bytes
 * @param in  NUL-terminated hex text
 */
void path_decode(char *out, char *in) {
  const char *pair = in;
  char *dst = out;

  for (; pair[0] && pair[1]; pair += 2) {
    int hi = path_char_to_val(pair[0]);
    int lo = path_char_to_val(pair[1]);

    *dst++ = (char)(16*hi + lo);
  }
}
121 
/*
 * Deliberately vulnerable routine of this test program; the banner printed by
 * main() describes it as a decoding-based buffer overflow.
 *
 * Up to 0x400 encoded characters are read from descriptor 0, and
 * path_decode() stores one byte per two characters with no output limit, so
 * as many as 0x200 bytes can be written into the 0x100-byte stack buffer.
 * A bounded version would cap the read at twice the size of the stack buffer
 * or pass the output capacity to the decoder.
 *
 * Also visible here: the result of receive_until() is ignored, and the memory
 * obtained from allocate() is never released.
 * NOTE(review): when no '\n' arrives within 0x400 bytes, receive_until()
 * leaves the data unterminated; decoding then stops only at a zero byte that
 * is already in the allocation - presumably allocate() returns zero-filled
 * memory, confirm.
 */
void do_overflow() {
  char decoded[0x100];
  char *encoded;

  if (allocate(0x1000, 0, (void**)&encoded) != 0) {
    _terminate(1);
  }

  receive_until(0, encoded, '\n', 0x400);
  path_decode(decoded, encoded);
}
134 
/*
 * Entry point: send the banner on descriptor 1, then run the vulnerable
 * decode routine once.
 */
int main() {
  /* Only the 67 characters of text are sent, not the whole 0x100-byte array.
   * The result of send_all() is not checked. */
  char banner[0x100] = "Hello this is a test program with a decoding based buffer overflow\n";

  send_all(1, banner, 67);

  do_overflow();
  return 0;
}