Buffer Overflow - The Byzantine Attack

1. #include
2. #include
3. #include
4.  
5. /* Like gets, except that characters */
6. /* are typed as pairs of hex digits. */
7. /* Nondigit characters are ignored. */
8. /* Stops when encounters newline */
9.  
10. char *getxs(char *dest)
11. {
12. int c;
13. int even = 1; /* Have read even number of digits */
14. int otherd = 0; /* Other hex digit of pair */
15. char *sp = dest;
16. while ((c = getchar()) != EOF && c != '\n') {
17. if (isxdigit(c)) {
18. int val;
19. if ('0' <= c && c <= '9')
20. val = c - '0';
21. else if ('A' <= c && c <= 'F')
22. val = c - 'A' 10;
23. else
24. val = c - 'a' 10;
25. if (even) {
26. otherd = val;
27. even = 0;
28. } else {
29. *sp = otherd * 16 val;
30. even = 1;
31. }
32. }
33. }
34. *sp = '\0';
35. return dest;
36. }
37.  
38. /* $begin getbuf-c */
39. int getbuf()
40. {
41. char buf[12];
42. getxs(buf);
43. return 1;
44. }
45.  
46. void test()
47. {
48. int val;
49. printf('Type Hex string:');
50. val = getbuf();
51. printf('getbuf returned 0x%x\n', val);
52. }
53. /* $end getbuf-c */
54.  
55. int main()
56. {
57.  
58. int buf[16];
59. /* This little hack is an attempt */
60. /* to get the stack to be in a */
61. /* stable position */
62.  
63. int offset = (((int) buf) & 0xFFF);
64. int *space = (int *) alloca(offset);
65.  
66. *space = 0; /* So th"