National Institute of Standards and Technology
Package illustrating a test case

Test case 1505

Description

The longjmp() function. C99 defines the setjmp() macro, the longjmp() function, and the jmp_buf type, which together bypass the normal function call and return discipline: setjmp() saves the calling environment, including the program counter (PC), in a jmp_buf, and a later longjmp() restores that environment and resumes execution at the saved PC. An attacker who can overwrite the saved PC in the jmp_buf with the start address of shellcode therefore gains control of execution the next time longjmp() is called on that buffer. The overwrite can be accomplished with an arbitrary memory write or by a buffer overflow that runs directly into the jmp_buf structure.
From "Secure Coding in C and C++" by Robert C. Seacord, page 90, Figure 3-14.
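The following is an added example, not the SRD test case's code and not Seacord's figure. It shows the pattern the description refers to, an attacker-controlled string copied without a bounds check into a fixed-size buffer that sits next to the jmp_buf a later longjmp() will read from, alongside a hardened copy that rejects input that does not fit. The struct, buffer size, function names and sample strings are constructed for illustration; on a real stack the compiler, not the programmer, decides whether the buffer and the jmp_buf are adjacent. The example does not attempt the overwrite itself: it is undefined behaviour, and current glibc additionally mangles the saved PC in the jmp_buf, so a raw shellcode address written there is not used as-is.

```c
#include <setjmp.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16

/* Constructed layout: putting both members in one struct makes the
   adjacency explicit. env holds the registers saved by setjmp(),
   including the PC that longjmp() will resume at. */
struct handler_state {
    char    msg[BUF_LEN];
    jmp_buf env;
};

/* Vulnerable pattern: strcpy() stops at the input's NUL, not at the end
   of msg. Any input of BUF_LEN or more bytes writes past msg into env, so
   the next longjmp(st->env, ...) resumes at whatever the attacker placed
   in the saved PC slot. Shown only for comparison; never call it with
   untrusted input. */
int save_message_unchecked(struct handler_state *st, const char *input) {
    strcpy(st->msg, input);              /* unbounded copy into msg */
    return 0;
}

/* Hardened form: refuse anything that does not fit with its terminator,
   so env can never be touched by the copy. memchr() is standard C and
   never reads past BUF_LEN bytes of the input. Returns 0 on success,
   -1 if the input was rejected. */
int save_message_checked(struct handler_state *st, const char *input) {
    const char *nul = memchr(input, '\0', BUF_LEN);
    if (nul == NULL)
        return -1;                       /* no terminator within BUF_LEN */
    memcpy(st->msg, input, (size_t)(nul - input) + 1);
    return 0;
}

/* Saves a context, copies the input with the checked routine, then jumps
   back through the saved context. Returns 1 when the longjmp() landed
   where setjmp() recorded (the jmp_buf was intact), or -1 when the input
   was rejected before any copy took place. */
int process(const char *input) {
    struct handler_state st;

    if (setjmp(st.env) != 0) {
        /* Reached only via longjmp(): the saved PC in st.env was used. */
        return 1;
    }
    if (save_message_checked(&st, input) != 0)
        return -1;
    longjmp(st.env, 1);
    return -2;                           /* not reached */
}

int main(void) {
    /* Constructed inputs: one that fits, one that would have overflowed. */
    const char *ok  = "short";
    const char *bad = "this string is far longer than sixteen bytes";

    printf("ok input  -> %d\n", process(ok));
    printf("bad input -> %d\n", process(bad));
    return 0;
}
```

The check in save_message_checked() is the whole mitigation: a jmp_buf is only as trustworthy as the memory around it, so every write into a buffer that shares a frame or struct with one must be bounded by the destination's size, not by the input's length.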

Flaws
