Crash Me

The goals of this assignment are to:

  1. Analyze the source code of a vulnerable program
  2. Develop a crashing input for the target
  3. Set up a working development environment

“Crash Me”

Canvas contains a container image1 named svs_crash_me.x86_64.img.zst that contains a vulnerable program. The source code for the program is located at /app/vuln01.cpp and the corresponding binary image is located at /app/vuln01. Your main objective is to analyze the source code of the program in order to identify an input that causes the program to crash. This input should trigger a memory corruption vulnerability you have identified in the source code.

Extra Credit

The minimal solution in the size of the crashing input submitted by the class will receive extra credit.

Submission Instructions

Package your solution as a gzipped TAR archive. Your solution should expand to the following directory structure.

$ tree -F crash_me
├── Dockerfile
└── src/

Your solution will be submitted to Canvas as source code (in src/) along with a container specification (Dockerfile). The container built from your source code must use the following interface:

docker run -it --rm \
    -v ${host_path}:/data \     # Map a host path to a container path
    ${image} /data/input        # Run the entrypoint of ${image} and output to /data/input

The submission will be graded on whether the input triggers the intended vulnerability.

Canvas contains a script called that can be used to check whether your container image builds and follows the intended interface.

  1. For help with building and running containers, see this quickstart.↩︎

© 2024 wkr