1 #include <libcgc.h>
2
3 typedef char int8_t;
4 typedef unsigned char uint8_t;
5 typedef short int16_t;
6 typedef unsigned short uint16_t;
7 typedef int int32_t;
8 typedef unsigned int uint32_t;
9 typedef long long int64_t;
10 typedef unsigned long long uint64_t;
11
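/*
 * Read from fd one byte at a time into dst until delim arrives or max bytes
 * have been stored.
 *
 * The delimiter is consumed but never stored. While the loop runs, the slot
 * about to be filled is zeroed first, so dst is NUL-terminated whenever the
 * function stops on the delimiter. If max bytes are stored without seeing
 * the delimiter, NO terminator is written: dst[max - 1] holds data and
 * dst[max] is never touched. Callers that treat dst as a C string must
 * provide at least max + 1 bytes with a zero already in dst[max].
 *
 * Returns the number of bytes stored, or 0 when receive() fails or reports
 * a successful read of zero bytes (presumably end of input; confirm against
 * the libcgc documentation).
 */
size_t receive_until(int fd, char *dst, char delim, size_t max)
{
    size_t len = 0;

    while (len < max) {
        char c = 0;
        size_t rx = 0;

        /* Keep the partial result terminated while waiting for more input. */
        dst[len] = 0x00;

        /*
         * A zero-byte read leaves c unset; without the rx check a stale or
         * zero byte would be appended on every iteration until max is hit.
         */
        if (receive(fd, &c, 1, &rx) != 0 || rx == 0) {
            return 0;
        }

        if (c == delim) {
            return len;
        }

        dst[len++] = c;
    }

    return len;
}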
36
/*
 * Minimal freestanding memcpy: copy n bytes from src to dst in ascending
 * address order and return dst. No overlap handling and no bounds checks;
 * the caller guarantees that both regions hold at least n bytes.
 */
void *memcpy(void *dst, const void *src, size_t n) {
    unsigned char *out = dst;
    const unsigned char *in = src;

    for (size_t i = 0; i < n; i++) {
        out[i] = in[i];
    }
    return dst;
}
43
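/*
 * Read exactly n_bytes from fd into dst, looping over short reads.
 *
 * dst must have room for n_bytes; nothing is terminated or zeroed.
 *
 * Returns n_bytes on success, or 0 when receive() fails or reports a
 * successful read of zero bytes (presumably end of input; confirm against
 * the libcgc documentation). On a 0 return, dst may hold partial data.
 */
size_t receive_n(int fd, unsigned char *dst, size_t n_bytes)
{
    size_t len = 0;

    while (len < n_bytes) {
        size_t rx = 0;

        /*
         * Without the rx check a peer that closes early would make this
         * loop spin forever, because len would never advance.
         */
        if (receive(fd, dst + len, n_bytes - len, &rx) != 0 || rx == 0) {
            return 0;
        }
        len += rx;
    }

    return len;
}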
58
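/*
 * Write all n_bytes of msg to fd, looping over short writes.
 *
 * Returns 0 once everything has been sent, or 1 when transmit() fails or
 * reports that it wrote zero bytes (no progress is treated as a failure so
 * the loop cannot spin forever).
 */
int send_all(int fd, const void *msg, size_t n_bytes)
{
    const char *bytes = msg;
    size_t len = 0;

    while (len < n_bytes) {
        size_t tx = 0;

        if (transmit(fd, bytes + len, n_bytes - len, &tx) != 0 || tx == 0) {
            return 1;
        }
        len += tx;
    }

    return 0;
}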
71
/*
 * Map one lowercase hexadecimal digit ('0'-'9', 'a'-'f') to its value 0-15.
 *
 * Every other character, including uppercase 'A'-'F', maps to 0, so the
 * caller cannot tell invalid input apart from the digit '0'.
 */
int path_char_to_val(char c) {
    static const char digits[] = "0123456789abcdef";

    /* Only the 16 digit slots are searched; the trailing NUL is excluded. */
    for (int value = 0; value < 16; value++) {
        if (digits[value] == c) {
            return value;
        }
    }
    return 0;
}
111
/*
 * Decode a NUL-terminated string of hex digit pairs from in into raw bytes
 * in out: each pair "hl" becomes the byte 16*h + l.
 *
 * - Two input characters produce one output byte, so out must hold at least
 *   strlen(in) / 2 bytes. The function takes no output capacity and performs
 *   no bounds check; sizing out correctly is entirely the caller's job.
 * - A trailing unpaired character is ignored.
 * - Non-hex characters decode as 0 (see path_char_to_val).
 * - The output is NOT NUL-terminated.
 */
void path_decode(char *out, char *in) {
    char *dst = out;
    const char *src = in;

    /* src[1] is only read after src[0] is known to be non-NUL. */
    for (; src[0] != '\0' && src[1] != '\0'; src += 2) {
        int hi = path_char_to_val(src[0]);
        int lo = path_char_to_val(src[1]);

        *dst++ = (char)(16 * hi + lo);
    }
}
121
/*
 * Deliberately vulnerable routine of this test program: read one line of
 * hex text from fd 0 and decode it into a fixed-size stack buffer.
 *
 * Size mismatch that makes up the flaw:
 *   - up to 0x400 encoded characters are accepted,
 *   - path_decode turns every two characters into one byte, so up to 0x200
 *     bytes can be produced,
 *   - the destination on the stack holds only 0x100 bytes.
 * Any line longer than 0x200 hex characters therefore makes path_decode
 * write past the end of the stack buffer. A non-overflowing version would
 * cap the read at twice the destination size, or give the decoder an output
 * capacity to enforce.
 *
 * NOTE(review): the return value of receive_until is ignored, so a failed
 * read still reaches the decoder; the allocation is never released.
 */
void do_overflow() {
    char decoded[0x100];
    char *encoded;

    /* 0x1000-byte buffer for the encoded line; exit with status 1 on failure. */
    if (allocate(0x1000, 0, (void **)&encoded) != 0) {
        _terminate(1);
    }

    /*
     * If no newline arrives within 0x400 bytes, receive_until stores no
     * terminator; decoding then presumably stops at the first zero byte of
     * the fresh allocation (assumes allocate returns zeroed memory; confirm).
     */
    receive_until(0, encoded, '\n', 0x400);

    /* No output bound is passed: this is where the overflow happens. */
    path_decode(decoded, encoded);
}
134
/*
 * Entry point: send the 67-byte banner on fd 1, then run the vulnerable
 * decoding routine once. The send_all result is not checked.
 */
int main() {
    char banner[0x100] =
        "Hello this is a test program with a decoding based buffer overflow\n";

    /* 67 is the banner length without its terminating NUL. */
    (void)send_all(1, banner, 67);

    do_overflow();
    return 0;
}