Code: analysis, bugs, and security: Week 4 lab

Exercises

We will examine assembly code produced by the compiler, try to understand its workings and perhaps modify it. For Intel assembly syntax, use compiler option "-masm=intel" throughout.

1. Warmup. Find out what this small program does. Then, you will be asked to change it.

2. Password bypass. This program asks for a password. Find out how, and then change the code to execute the remainder, regardless of what password is input.

3. Write it in C. Figure out what this program does and then write C code to do the same. Compare the assembly for both.

4. Profiling. Compile the 3n+1 program with coverage/profiling support (use options "-O1 -S --coverage"). Figure out how the info is obtained, and what counters are produced for the functions. Try to add code to print the counters yourself to confirm.
To visualize coverage info, after having run the program, run lcov -c -d . > somefile.info and then genhtml -o outputdir somefile.info.

5. Stack protector. Compile this program which does some unsafe array indexing with option -fstack-protector (also use -O1 for shorter code). Examine and explain the code introduced for protection. Can you insert code to output the value of the canary?

6. Address sanitization. Compile the same program with unsafe array indexing with option -fsanitize=address. Trigger the bug (in how many ways can it happen?) and observe the behavior. Examine the assembly and try to figure out what extra info is stored/checked. More information about the address sanitizer, including the original paper, is available here.
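
As a companion to exercise 6, an added example (not part of the original lab, and not the compiler's actual output): a small C model of the shadow-memory check that the address sanitizer design is built on, useful as a reference when reading the instrumented assembly. The 64-byte arena, the object layout and the function names place_object and access_ok are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of AddressSanitizer's shadow memory (constructed for
   illustration; all names here are hypothetical, not ASan's own symbols).
   One shadow byte describes one aligned 8-byte granule of the arena:
     0     -> all 8 bytes addressable
     1..7  -> only the first k bytes addressable
     < 0   -> whole granule poisoned (redzone) */
#define ARENA_SIZE 64
#define REDZONE ((int8_t)-1)

static int8_t shadow[ARENA_SIZE / 8];

/* Poison everything, then mark [off, off+len) addressable; off is 8-aligned. */
static void place_object(size_t off, size_t len) {
    memset(shadow, REDZONE, sizeof shadow);
    size_t g = off / 8;
    for (; len >= 8; len -= 8) shadow[g++] = 0;
    if (len) shadow[g] = (int8_t)len;        /* partial last granule */
}

/* The check conceptually inserted before each aligned access of size
   1, 2, 4 or 8 (so it never spans two granules). Returns 1 if allowed. */
static int access_ok(long off, size_t size) {
    if (off < 0 || (size_t)off + size > ARENA_SIZE) return 0; /* outside model */
    int8_t k = shadow[off >> 3];
    if (k == 0) return 1;                    /* fast path: full granule */
    if (k < 0) return 0;                     /* redzone */
    return (size_t)(off & 7) + size <= (size_t)k;  /* partial granule */
}

int main(void) {
    /* Constructed layout: char buf[10] at offset 16, redzones around it. */
    place_object(16, 10);
    long idx[] = { -1, 0, 9, 10, 15, 16 };
    for (size_t i = 0; i < sizeof idx / sizeof idx[0]; i++)
        printf("buf[%ld]: %s\n", idx[i],
               access_ok(16 + idx[i], 1) ? "ok" : "ASan-style error");
    return 0;
}
```

The partial-granule case (shadow value 2 for the last two bytes of the 10-byte buffer) is the one to look for in the assembly: it is why the inserted check compares the low three address bits against the shadow byte instead of only testing it for zero.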


Marius Minea
Last modified: Thu Oct 20 9:00:00 EEST 2016