Description
Hi!
Here are three vulnerable proof-of-concept programs: a heap-based buffer overflow, a stack buffer overflow and a use-after-free.
To compile:
g++ heap.c -o heap
g++ uaf.c -o uaf
g++ stack.c -o stack
Is it possible that the ZeraTool tool could successfully exploit these three cases?
peto@ubuntu:~/Desktop/challenges$ cat heap.c
// NOTE(review): the header names after each #include were lost in this listing.
// The code uses cout, ifstream, malloc and strcpy, so it presumably needs
// <iostream>, <fstream>, <cstdlib> and <cstring> -- confirm against the original file.
#include
#include
#include
#include
// Size in bytes of every heap allocation made in the read loop below.
#define BUFSIZE 10
using namespace std;
// Test case: heap-based buffer overflow (CWE-122).
// Reads whitespace-delimited tokens from the file named in argv[1] and copies
// each one into a fresh BUFSIZE-byte heap buffer without checking its length.
// Returns -1 when no file name is given, 0 otherwise.
int main(int argc, char* argv[])
{
if (argc > 1) {
cout << "argv[1] = " << argv[1] << endl;
} else {
cout << "No file name entered. Exiting...";
return -1;
}
ifstream myReadFile;
myReadFile.open(argv[1]);
// Staging buffer for one token. It is never initialised.
char output[8192];
if (myReadFile.is_open()) {
// eof() only becomes true after a read has already hit end of file, so the
// last pass of this loop can run with `output` holding stale data.
// NOTE(review): on an empty file the first pass presumably copies from an
// uninitialised `output` -- confirm.
while (!myReadFile.eof()) {
// No width is set on the stream, so under pre-C++20 rules this extraction is
// not limited to sizeof(output); a token of 8192 bytes or more would also
// overrun this stack array.
myReadFile >> output;
char *buf;
// The malloc result is not checked for NULL.
buf = (char *)malloc(sizeof(char)*BUFSIZE);
// Overflow site: strcpy copies the whole token plus its terminator, so any
// token of BUFSIZE (10) characters or more writes past the end of the
// allocation. A fix would size the allocation from strlen(output) + 1 or use
// a bounded copy. Building with -fsanitize=address reports the out-of-bounds
// write at this line.
strcpy(buf, output);
// buf is never freed, so each iteration leaks one allocation.
}
}
myReadFile.close();
return 0;
}
peto@ubuntu:~/Desktop/challenges$ cat uaf.c
// NOTE(review): the header names after each #include were lost in this listing.
// The code uses cout, ifstream, malloc, free and strcpy, so it presumably needs
// <iostream>, <fstream>, <cstdlib> and <cstring> -- confirm against the original file.
#include
#include
#include
#include
// Size in bytes of the heap allocation made (and immediately released) per token.
#define BUFSIZER1 10
using namespace std;
// Test case: use-after-free (CWE-416).
// Reads whitespace-delimited tokens from the file named in argv[1]; for each
// token it allocates a buffer, frees it, and then writes the token through the
// freed pointer. Returns -1 when no file name is given, 0 otherwise.
int main(int argc, char* argv[])
{
if (argc > 1) {
cout << "argv[1] = " << argv[1] << endl;
} else {
cout << "No file name entered. Exiting...";
return -1;
}
ifstream myReadFile;
myReadFile.open(argv[1]);
// Staging buffer for one token. It is never initialised.
char output[8192];
if (myReadFile.is_open()) {
// eof() only becomes true after a read has already hit end of file, so the
// last pass of this loop can run with `output` holding stale data.
while (!myReadFile.eof()) {
// No width is set on the stream, so under pre-C++20 rules this extraction is
// not limited to sizeof(output).
myReadFile >> output;
char *buf1R1;
// The malloc result is not checked for NULL.
buf1R1 = (char *) malloc(BUFSIZER1);
// The allocation is released here; buf1R1 keeps its old value and is now dangling.
free(buf1R1);
// Use-after-free site: this writes into memory already returned to the
// allocator. The copy is also unbounded, so a token of BUFSIZER1 (10)
// characters or more additionally runs past the size of the freed block.
// A fix would move free() after the last use and bound the copy. Building
// with -fsanitize=address reports a heap-use-after-free at this line.
strcpy(buf1R1, output);
}
}
myReadFile.close();
return 0;
}
peto@ubuntu:~/Desktop/challenges$ cat stack.c
// NOTE(review): the header names after each #include were lost in this listing.
// The code uses cout and ifstream, so it presumably needs <iostream> and
// <fstream> -- confirm against the original file.
#include
#include
using namespace std;
// Test case: stack-based buffer overflow (CWE-121).
// Reads whitespace-delimited tokens from the file named in argv[1] straight
// into a 10-byte stack array and echoes each one to stdout.
// Returns -1 when no file name is given, 0 otherwise.
int main(int argc, char* argv[])
{
if (argc > 1) {
cout << "argv[1] = " << argv[1] << endl;
} else {
cout << "No file name entered. Exiting...";
return -1;
}
ifstream myReadFile;
myReadFile.open(argv[1]);
// Destination for each token: room for 9 characters plus the terminator.
// It is never initialised.
char output[10];
if (myReadFile.is_open()) {
// eof() only becomes true after a read has already hit end of file, so the
// last pass of this loop can print stale contents of `output`.
while (!myReadFile.eof()) {
// Overflow site: no width is set on the stream, so under pre-C++20 rules the
// extraction stores the whole token regardless of sizeof(output); a token of
// 10 characters or more writes past the array into adjacent stack memory.
// NOTE(review): when built as C++20 or later, the array overload of
// operator>> is expected to cap the read at 9 characters -- confirm which
// standard the g++ in use defaults to.
// A fix would read into std::string or set std::setw(sizeof(output)) first.
// -fsanitize=address reports the write; -fstack-protector-strong aborts on
// return once the canary has been overwritten.
myReadFile >> output;
cout<<output;
}
}
myReadFile.close();
return 0;
}