
How Arrays and More Work in C



C Arrays & Pointers

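  • Arrays in C are essentially pointers: in most expressions an array name is converted to a pointer to its first element.
  • Array accesses are not bounds-checked by the compiler. You can do whatever you want. There are no boundaries in C.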
  • Example:
    int array[5] = {1, 2, 3, 4, 5};
    array[0] = 0;
    array[4] = 0;
    
  • Pointers can be used to manipulate array elements:
    int *a = array;
    a[2] = 0;
    

Copying Data

  • Strings in C are arrays of bytes.
  • They are terminated by the 0 byte (\x00).
  • Functions to copy strings:
    strcpy(destination, source);
    memcpy(destination, source, len);
    gets(destination);
    
  • Vulnerabilities arise when the destination buffer size is not considered, leading to buffer overflows.

Exploitation Basics

  • Common vulnerability: Buffer overflow due to functions like strcpy() not considering the destination buffer size.
  • Example:
    char destination[8];
    char source[] = "1234567890123456";  /* 16 characters; the compiler appends the 0 byte */
    strcpy(destination, source);         /* writes 17 bytes into an 8-byte buffer */
    
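  • strncpy(destination, source, len) does care about the length! It copies at most len bytes, but if source is len bytes or longer it does not write the terminating 0 byte, so the destination must be terminated separately.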
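
The overflow described above next to a length-checked copy, as an added example that is not part of the original notes. The frame layout, the "SAFE" marker, and the helper names (frame_init, neighbor_intact, unbounded_copy, bounded_copy) are assumptions made for illustration; the two adjacent 8-byte buffers are modelled as one 16-byte region so the program stays well-defined.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: two 8-byte buffers next to each other, modelled as
 * one 16-byte region so the demonstration stays well-defined C. */
struct frame { char mem[16]; };
#define DEST(f)     ((f)->mem)      /* bytes 0..7: the destination buffer */
#define NEIGHBOR(f) ((f)->mem + 8)  /* bytes 8..15: the adjacent buffer   */
#define DEST_SIZE   8

static void frame_init(struct frame *f) {
    memset(f->mem, 0, sizeof f->mem);
    memcpy(NEIGHBOR(f), "SAFE", 5);
}

/* Returns 1 while the adjacent buffer still holds "SAFE", 0 once overwritten. */
static int neighbor_intact(const struct frame *f) {
    return strcmp(NEIGHBOR(f), "SAFE") == 0;
}

/* Copies the way strcpy() does: stops only at the source's 0 byte and never
 * looks at the size of the destination. */
static void unbounded_copy(char *dst, const char *src) {
    while ((*dst++ = *src++) != '\0')
        ;
}

/* Bounded copy: refuses input that does not fit, terminator included.
 * Returns 0 on success, -1 if src is too long for dst. */
static int bounded_copy(char *dst, size_t dst_size, const char *src) {
    size_t n = strlen(src);
    if (n >= dst_size)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void) {
    struct frame f;
    const char *input = "123456789012";  /* constructed: 12 chars + 0 byte */
    frame_init(&f);
    unbounded_copy(DEST(&f), input);
    printf("unbounded: neighbor intact = %d\n", neighbor_intact(&f));

    frame_init(&f);
    int rc = bounded_copy(DEST(&f), DEST_SIZE, input);
    printf("bounded:   rc = %d, neighbor intact = %d\n", rc, neighbor_intact(&f));
    return 0;
}
```
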

Non-Arrays in C

  • C has basic types (int, float), enumerated types, void type, and derived types (pointers, arrays, structures, unions, functions).
  • Arrays consist of multiple elements of the same type.
  • Structures can hold multiple elements of different types.
  • Example:
    struct var {
        short x;
        long y;
        char z[3];
    };
    

Remember

  • Basic types are stored in memory and can be loaded into registers.
  • Derived types are stored in memory and contain basic types.
  • Basic types are modified in registers!

Conclusion

  • C does not enforce buffer boundaries, making it susceptible to buffer overflow attacks.
  • strcpy() and similar functions do not check the size of the destination buffer, leading to potential overwrites of adjacent memory.
  • One buffer can overflow into another buffer.
  • Local variables/buffers are adjacent to each other.
  • A pointer can point to any memory address.
