Description
Program vulnerable to a buffer overflow in the BSS segment. The character array and the function pointer are both uninitialized and stored in the BSS segment. The call to strncpy() on line 36 is an example of an unsafe use of a bounded string copy function. A buffer overflow occurs when the length of the first argument exceeds BUFFSIZE.
This buffer overflow can be exploited to transfer control to arbitrary code by overwriting the value of the function pointer with the address of the shellcode.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 79, Figure 3-2
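The defect class described above, next to a hardened copy, as an added example; it is not the test case's source, which this page does not reproduce. The value of BUFFSIZE, the source-derived bound shown in the comment, and the names copy_checked, handle and pointer_intact are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUFFSIZE 16                    /* name from the page; the value is assumed */

static char buff[BUFFSIZE];            /* uninitialized static: placed in BSS */
static void (*funcPtr)(const char *);  /* uninitialized static: also in BSS */
static int calls;                      /* counts legitimate dispatches */

static void good_function(const char *s) { (void)s; calls++; }

/* Unsafe pattern (assumed form, shown only as a comment):
 *     strncpy(buff, arg, strlen(arg));
 * The bound comes from the source, so the "bounded" copy writes strlen(arg)
 * bytes whatever BUFFSIZE is, and it never writes a terminating NUL. */

/* Hardened copy: the bound is the destination size, and oversized input is
 * rejected instead of silently truncated. Returns 0 on success, -1 if not. */
int copy_checked(const char *arg) {
    size_t n = strlen(arg);
    if (n >= sizeof buff)
        return -1;
    memcpy(buff, arg, n + 1);          /* n + 1 copies the terminating NUL */
    return 0;
}

/* Returns 1 while the function pointer still holds its intended target. */
int pointer_intact(void) { return funcPtr == good_function; }

/* Copy the argument, then dispatch through the function pointer. */
int handle(const char *arg) {
    funcPtr = good_function;
    if (copy_checked(arg) != 0)
        return -1;                     /* too long: nothing written, no call */
    funcPtr(buff);
    return 0;
}

int main(int argc, char *argv[]) {
    if (argc < 2 || handle(argv[1]) != 0) {
        fprintf(stderr, "argument missing or longer than %d bytes\n", BUFFSIZE - 1);
        return 1;
    }
    printf("copied \"%s\", dispatched %d call(s)\n", buff, calls);
    return 0;
}
```
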
Flaws