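/*
 * attack.c
 * Tanya Amert, Fall 2024
 *
 * Exploring buffer-overflow attacks.
 *
 * Compile for debugging via gdb:
 *     gcc -g -o attack attack.c
 *
 * Compile without stack-corruption detection (dangerous!):
 *     gcc -g -fno-stack-protector -o attack attack.c
 *
 * -fno-stack-protector switches off the compiler's stack canary, the
 * check that aborts the program when it detects that the stack was
 * overwritten. Build that way only for this exercise; keep the protector
 * enabled for anything that handles real input.
 *
 * Note: For some reason the original code doesn't play nice with -Og.
 *
 * Run with no command-line arguments:
 *     ./attack
 */

#include <stdio.h>  /* printf (and gets, in the commented-out variant) */
#include <string.h> /* strcpy, strncpy */

// A demonstration of how to be vulnerable to a buffer-overflow
// attack. Try this out and type in long strings, then watch the chaos!
//
// Also, just don't use gets.
//
// Seriously.
//
// Ever.

/*
 * Fills three small stack buffers, prints them, deliberately overflows
 * one of them, and prints all three again so the corruption is visible.
 *
 * The overflow is the point of the exercise and is left in place on
 * purpose: both the active strcpy() and the commented-out gets() write
 * without checking the size of the destination. Writing past the end of
 * an array is undefined behavior, so what the "After" output shows
 * (a clobbered neighbour, a crash, or an abort from the stack protector)
 * depends on the compiler, its flags, and the stack layout it chose.
 *
 * Returns 0 when the program reaches the end of main.
 */
int main(void) {
    char s1[8];
    strcpy(s1, "Cheddar"); // copy all 8 bytes (including '\0'); fits exactly

    char s2[5];
    char s3[5];
    strncpy(s2, "abcdef", 4); // copy up to 4 bytes (no '\0')
    strncpy(s3, "zyxwvu", 4); // copy up to 4 bytes (no '\0')
    // strncpy did not terminate the strings, so do it by hand.
    s2[4] = '\0';
    s3[4] = '\0';

    printf("// Before:\n"); // added to make the difference more obvious
    printf("s1: %s\n", s1);
    printf("s2: %s\n", s2);
    printf("s3: %s\n\n", s3); // extra \n for a blank line

    // Original version
    // DELIBERATE BUG: s1 holds 8 bytes ("Cheddar" plus '\0') but s2 has
    // room for only 5, so strcpy writes 3 bytes past the end of s2.
    // strcpy never looks at the destination size. In real code, check
    // the length first or use a bounded call and test for truncation,
    // e.g. snprintf(s2, sizeof s2, "%s", s1).
    strcpy(s2, s1); // copy from s1 into s2

    // New version, so much worse, vulnerable to buffer-overflow attacks:
    // (comment-out the above chunk and uncomment this one)
    //
    // gets() has no way to learn how big s3 is, so whoever types the
    // input decides how many bytes are written to the stack. It was
    // removed from the C standard in C11. The bounded replacement is
    // fgets(s3, sizeof s3, stdin), which stops at the buffer size (and
    // keeps the trailing newline).
    // printf("Please enter a new string: ");
    // gets(s3); // DO NOT USE EVER

    printf("// After:\n");
    printf("s1: %s\n", s1);
    printf("s2: %s\n", s2);
    printf("s3: %s\n", s3);

    return 0;
}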