Tags: c, memory, struct, buffer-overflow, aslr

Address space layout randomization and structures in C


I have this structure:

struct Books {
 char  title[50];
 char  author[50];
};

Let's say that I know that if I pass arg1 to the program, in some part of the code, it adds some chars in the direction $title+52, so the author value is overwritten (buffer overflow).

Now I add ASLR to my binary. This way, some directions are random, so I think the buffer overflow that I described before could not be possible.

Is this true? Or even if I add ASLR the directions of struct members are together and buffer overflow could be possible?


Solution

  • The specific overflow you mentioned is still possible.

    With the exception of bitfields, the fields of a structure follow one another in order in memory (with some possible padding in between). This is detailed in section 6.7.2.1p15 of the C standard:

    Within a structure object, the non-bit-field members and the units in which bit-fields reside have addresses that increase in the order in which they are declared. A pointer to a structure object, suitably converted, points to its initial member (or if that member is a bit-field, then to the unit in which it resides), and vice versa. There may be unnamed padding within a structure object, but not at its beginning.

    So in this case the author field will always follow the title field, regardless of what specific address an object of type struct Books is located at. The only possible difference could be the amount of padding, but unless you add or remove fields in the struct this probably won't change.
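The point of the answer can be checked directly with offsetof: the distance from title to author is fixed by the declaration, and only the base address of the object moves under ASLR. The following program is an added example, not code from the question or the answer; the struct, the constructed 52-byte input, and the helper names (unchecked_write, checked_set_title and the two report functions) are assumptions made for this illustration. It keeps the out-of-bounds write inside the struct object itself, so the effect on author is observable, and places a length-checked alternative beside it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct Books {
    char title[50];
    char author[50];
};

/* Field offsets are fixed by declaration order (C11 6.7.2.1p15).
 * ASLR changes where the object lives, not the layout inside it. */
size_t title_offset(void)  { return offsetof(struct Books, title); }
size_t author_offset(void) { return offsetof(struct Books, author); }

/* The bug from the question: len bytes written from the start of title with
 * no bounds check on title itself. The write goes through a char* to the
 * struct's own bytes and is clamped to the object, so it never leaves the
 * struct; anything past 50 bytes lands in author. Returns 1 if it did. */
int unchecked_write(struct Books *b, const char *src, size_t len)
{
    char *base = (char *)b;
    if (len > sizeof *b)
        len = sizeof *b;
    memcpy(base + offsetof(struct Books, title), src, len);
    return len > sizeof b->title;
}

/* Bounded alternative: copy at most sizeof title - 1 chars, NUL-terminate,
 * and report truncation so the caller can reject or log the input. */
int checked_set_title(struct Books *b, const char *src)
{
    size_t n = strlen(src);
    size_t max = sizeof b->title - 1;
    size_t copy = n > max ? max : n;
    memcpy(b->title, src, copy);
    b->title[copy] = '\0';
    return n > max;
}

/* Fresh struct, known author, then an unchecked write of `len` 'A' bytes
 * (constructed input). Returns 1 if author's first byte was overwritten. */
int author_clobbered_by_unchecked_write(size_t len)
{
    struct Books b;
    char input[sizeof b];
    memset(input, 'A', sizeof input);
    memset(&b, 0, sizeof b);
    strcpy(b.author, "Original Author");
    unchecked_write(&b, input, len);
    return b.author[0] == 'A';
}

/* Same setup with a 51-char title through the checked path. Returns 1 only
 * if the input was reported as truncated AND author is untouched. */
int author_preserved_by_checked_set_title(void)
{
    struct Books b;
    char input[52];
    memset(input, 'A', 51);
    input[51] = '\0';
    memset(&b, 0, sizeof b);
    strcpy(b.author, "Original Author");
    int truncated = checked_set_title(&b, input);
    return truncated && strcmp(b.author, "Original Author") == 0
           && strlen(b.title) == sizeof b.title - 1;
}

int main(void)
{
    struct Books b;
    /* Run this twice under ASLR: the address changes, the offsets do not. */
    printf("struct at %p; title offset %zu, author offset %zu\n",
           (void *)&b, title_offset(), author_offset());
    printf("52-byte unchecked write clobbers author: %d\n",
           author_clobbered_by_unchecked_write(52));
    printf("50-byte unchecked write clobbers author: %d\n",
           author_clobbered_by_unchecked_write(50));
    printf("checked copy keeps author intact: %d\n",
           author_preserved_by_checked_set_title());
    return 0;
}
```

Running the binary several times shows a different struct address each time under ASLR while author_offset() stays at 50, which is exactly why an overflow from title into author is a layout issue that randomization does not address; the checked_set_title path is the kind of fix that does.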