SC 206: Integer Overflow (15 pts)

What You Need

Installing a C Compiler

On your cloud Linux server, execute these commands: 
sudo apt update
sudo apt install build-essential

Making a C Function

On your cloud Linux server, execute this command: 
sudo nano /usr/local/bin/SC206.c
Paste in this code, as shown below. 
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stdlib.h>

int main(int argc, char* argv[]) {
  char name[300];
  uint8_t len;
  if (argc < 2) {
    printf("NO NAME!\n");
    exit(1);
  }

  strcpy(name, argv[1]);
  len = strlen(name);
  if (len > 10) {
    printf("TOO LONG!\n");
    exit(1);
  }
  printf("%s\n", name);
}
Save the file with Ctrl+X, Y, Enter.

To compile the function, execute this command: 
sudo gcc -o /usr/local/bin/SC206 /usr/local/bin/SC206.c

Testing the Function

The purpose of this function is to limit the size of an input string to ten characters.

To see it work, execute these commands: 

SC206
SC206 ShortName
SC206 ALongerName
As shown below, it always returns a string of ten characters or less, which is either the input name or an error message.

Making an HTML Form

On your cloud Linux server, execute this command: 
sudo nano /var/www/html/SC206.htm
Paste in this code, as shown below. 
<html>
<body>
<form action="SC206.php">
    Name: <input name="name"><p>
    <input type="submit">
</form>
</body>
</html>
Save the file with Ctrl+X, Y, Enter.

Making a PHP Script

Now we'll make PHP script to call the C function.

On your cloud Linux server, execute this command: 

sudo nano /var/www/html/SC206.php
Paste in this code, as shown below. 
<?php

$noname = 0;
if (!isset($_REQUEST['name'])) {
	$noname = 1;
} else {
	$name = $_REQUEST['name'];
	if (strlen($name) < 1) {
		$noname = 1;
	}
}
	
if ($noname == 1) {
	die("<h2>Error: Must specify name!!</h2>");
}

echo "You entered: $name<p>";
echo "Sanitized name is: <pre>";

system("/usr/local/bin/SC206 $name");

?>

Save the file with Ctrl+X, Y, Enter.

Testing your Form Manually

In a Web browser, open this URL, replacing the IP address with the external IP of your server:
http://35.222.29.122/SC206.htm
Enter a name of ShortName into the form, as shown below, and click the Submit button.

The next page shows the name unchanged, as shown below.

Enter a name of ALongerName into the form. Verify that it's rejected, as shown below.

Testing your Form Automatically

In a Web browser, open this page:
https://samlols.samsclass.info/SC/SC206.htm
Enter the URL to your PHP page in the form for flag SC 206.1, as shown below, and click the Submit button.

Flag SC 206.1: Expected Functionality (5 pts)

The flag appears, as shown below.

Observing an Overflow

Enter a name of:

AAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDDDDDEEEEEEEEEE

into the form. This name is 50 characters long.

Verify that it's rejected, as shown below.

Paste that name five times into a your form. Carefully scroll through it and make sure there are no embedded spaces, so it's a single string 250 characters long.

Submit it.

It's rejected, as shown below.

Enter the same 250-character name into the form, and append HELLOTHERE, so the input name is 260 characters long, and submit it.

It's accepted, as shown below.

This happens because the length variable exceeds its maximum value of 255 and rolls around to zero, so a length of 260 is measured as a length of 4.

Fixed Code

Modify your C code to accept inputs up to 260 characters and correctly reject them.

When it's working, run the test in the box below to get the flag.

Flag SC 206.2: No More Integer Overflow (10 pts)

In a Web browser, open this page:

https://samlols.samsclass.info/SC/SC206.htm
Enter the URL to your PHP page in the form for flag SC 206.2 and submit the form. If your code is correct, the flag will appear.

Posted 3-29-24