Buffer Overflow

Learning Goal: I’m working on a c++ writing question and need an explanation and answer to help me learn.

The following program takes a password as input but always refuses to generate lottery numbers:

#include <iostream>

using namespace std;

char goodPassword() {

int good = ‘N’;

char Password[10]; // Memory storage for the password

cin>>Password; // Get input from keyboard

return (char)good;

}

int main() {

cout<<“Enter your password:”<<endl;

if (goodPassword() == ‘Y’) {

cout << “The lottery numbers are: “;

for (int i = 0; i < 5; i++)

cout << rand()%50 << ” “;;

}

else {

printf(“No numbers for you today.\n”);

}

return 0;

}

Luckily, the program is vulnerable to a buffer overrun in the goodPassword() procedure. The goal is to take advantage of the vulnerability so that it can generate lucky numbers for us.

a) Draw a diagram showing how the stack is arranged when this program runs. 10 pts

b) Figure out a password that can make the program output a lucky number. Hint: no need to overwrite the return address; there is an easier target to overwrite in this program. Explain how your password works.5 pts

c) Rewrite the program so that it no longer has a buffer vulnerability.