ppontes/security-crash-course-samples-public

Security Crash Course for C++ engineers >> code samples

| Code sample | Purpose |
| --- | --- |
| Buffer overflow | Demonstrates a heap buffer overflow, either by copying too much or by copying up to the end of the buffer without the terminating null character. |
| Formatted output | Demonstrates walking the stack from inside the printf stack frame into the caller's stack frame to print variables on that stack frame. |
| Implicit conversion | Demonstrates how a signed char with value -1 is implicitly converted to an unsigned int, which results in it being considered equal to an unsigned int with the maximum value. |
| Password check | Demonstrates that you can overflow a variable on the stack and overwrite the contiguous variable. The first variable is supposed to hold the password entered by the user and the second the expected password, and the two are naively compared to decide whether to grant access. The overflow makes them both have the same value (like "password"), which tricks the program into logging in a user without proper credentials. Note that to keep the input small, the size of the strings should be 8. Otherwise the variables will be aligned to multiples of 8 in memory, so you need to add more padding to the input in order to overwrite the contiguous variable. |
| Pointer subterfuge | Demonstrates stack smashing that overwrites a pointer to an intended function so that it points to a malicious function. You need to update the malicious string to include the address of the malicious function. Note that you're likely on a little-endian processor, so the order of the bytes should be inverted. Example (screenshot `image-20250131151024834` not available) requires: `strcpy(buffer, "aaaaaaaa\xda\x12\x01\x40\x01\x00");` |
| Signed overflow | With intsPerElement = 2, demonstrates an int overflowing into a negative number that would then be used to size a buffer allocation. With intsPerElement = 4, demonstrates an int overflowing into a positive number that would then be used to size a buffer allocation that is too short to hold all the required data. The subsequent iteration populating the buffer will cause a buffer overflow, which can be demonstrated in the memory window. |
| Unsigned wraparound | Demonstrates an unsigned wraparound that results in a buffer being allocated for 4 elements when it's supposed to store many more. The subsequent iteration populating the buffer will cause a buffer overflow, which can be demonstrated in the memory window. |
| Upcast | Demonstrates how a naive test for wraparound fails to detect it because (a + b) is upcast to an int. Also shows a correct way to test for wraparound. |
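
The Upcast case described above, written out as an added example that is not taken from this repository: it puts the naive wraparound test next to two correct ones and a guarded addition. It assumes 16-bit unsigned operands (`std::uint16_t`) and an `int` wider than 16 bits; all function names are hypothetical.

```cpp
// Added example (not from the repository). Assumes 16-bit unsigned operands
// and an int wider than 16 bits; all function names are hypothetical.
#include <cstdint>
#include <cstdio>
#include <limits>

using u16 = std::uint16_t;

// Naive test: both operands are promoted to int, so a + b is computed
// without wrapping and can never be smaller than a. Always returns false.
bool naive_wraps(u16 a, u16 b) {
    return a + b < a;
}

// Correct test: check the headroom before adding; nothing can wrap here.
bool wraps(u16 a, u16 b) {
    return a > std::numeric_limits<u16>::max() - b;
}

// Also correct: narrow the promoted sum back to 16 bits before comparing.
bool wraps_narrowed(u16 a, u16 b) {
    return static_cast<u16>(a + b) < a;
}

// Guarded addition suitable for sizing a buffer: refuses on wraparound.
bool checked_add(u16 a, u16 b, u16& out) {
    if (wraps(a, b)) return false;
    out = static_cast<u16>(a + b);
    return true;
}

int main() {
    const u16 a = 65535, b = 1;  // constructed inputs whose 16-bit sum wraps
    u16 sum = 0;
    std::printf("naive=%d headroom=%d narrowed=%d checked_add=%d\n",
                naive_wraps(a, b), wraps(a, b), wraps_narrowed(a, b),
                checked_add(a, b, sum));
    return 0;
}
```

The same promotion applies to any operand type narrower than `int`, which is why the comparison has to happen either before the addition or after an explicit narrowing cast.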
