Buffer overflow

1. #include <linux/module.h>
2. #include <linux/kernel.h>
3. #include <linux/init.h>
4. #include <linux/string.h>
5. #include <linux/slab.h>
6.  
7. // Module parameters for user input
8. static char *input_buffer = NULL;
9. module_param(input_buffer, charp, 0644);
10. MODULE_PARM_DESC(input_buffer, "Input buffer to demonstrate stack overflow");
11.  
12. // Vulnerable function with fixed-size stack buffer
13. static void vulnerable_copy_function(void)
14. {
15. // VULNERABILITY: Fixed-size stack buffer
16. // This buffer is allocated on the kernel stack
17. char local_buffer[64];
18.  
19. // Unsafe copy without length checking
20. // This can cause stack overflow if input is longer than buffer
21. if (input_buffer) {
22. printk(KERN_INFO "Attempting to copy input: %s\n", input_buffer);
23.  
24. // DANGEROUS: Potential stack overflow
25. // strcpy does not check buffer bounds, which can overflow the buffer
26. strcpy(local_buffer, input_buffer); // This is where the overflow can happen
27.  
28. printk(KERN_INFO "Copied buffer: %s\n", local_buffer); // Will print corrupted data if overflow occurs
29. }
30. }
31.  
32. // Module initialization function
33. static int __init stack_overflow_init(void)
34. {
35. printk(KERN_INFO "Stack Overflow Vulnerability Module Loaded\n");
36.  
37. // Call the vulnerable function
38. vulnerable_copy_function();
39.  
40. return 0;
41. }
42.  
43. // Module cleanup function
44. static void __exit stack_overflow_exit(void)
45. {
46. printk(KERN_INFO "Stack Overflow Module Unloaded\n");
47. }
48.  
49. // Macro declarations for kernel module
50. module_init(stack_overflow_init);
51. module_exit(stack_overflow_exit);
52.  
53. MODULE_LICENSE("GPL");
54. MODULE_AUTHOR("Security Research");
55. MODULE_DESCRIPTION("Kernel Module Demonstrating Stack Overflow Vulnerability");