(1) typedef struct my_struct |
(2) int field1; |
(3) char⋆ pMessage; |
(4) struct my_struct ⋆ pNext; |
(5) } MY_STRUCT; |
(6) typedef struct data_field |
(7) int field; |
(8) char⋆ message; |
(9) } DATA_FIELD; |
(10) void vulnerable_function(MY_STRUCT ⋆ structArray) |
(11) MY_STRUCT ⋆ pStruct = structArray; |
(12) char buff[128]; |
(13) read(0,buf,256); // you can overflow pStruct here |
(14) MY_STRUCT ⋆ pItem = NULL; |
(15) for (pItem = pStruct; pItem != NULL; pItem = pItem->pNext) |
(16) printf(The message of %dth item is:%sn, |
(17) pItem->field1, pItem->pMessage); |
(18) int _tmain(int argc, _TCHAR⋆ argv[]) |
(19) MY_STRUCT structArray[3]; |
(20) DATA_FIELD dataArray[3] = 1, Im struct1, |
(21) 2, Im struct2, 3, Im struct3; |
(22) for (i = 0; i < 3; i++) |
(23) structArray[i].field1 = dataArray[i].field; |
(24) structArray[i].pMessage = dataArray[i].message; |
(25) if (i!=2) |
(26) structArray[i].pNext = &structArray[i + 1]; |
(27) else |
(28) structArray[i].pNext = NULL;} |
(29) vulnerable_function(structArray); |
(30) return 0;} |