// heartbleed

 

Sample program: heartbleed.zip (Windows command line). Unzip the file, rename it to heartbleed.exe, and run it from a command-line (DOS) window.

 

// heartbleed.cpp : Sample application testing how the bounds-checked version of 'memcpy' (memcpy_s) handles a buffer overrun

 

// memcpy_s

// Copies memory with a destination-size check that plain memcpy lacks

 

#include "stdafx.h"

#include <memory.h>

#include <stdio.h>

 

// Demonstrates that memcpy_s() rejects a copy whose byte count exceeds the
// declared size of the destination, instead of silently overrunning it the
// way memcpy() would.
//
// The check covers only the destination: memcpy_s(dest, destsz, src, count)
// has no source-size argument, so an over-read of src (the Heartbleed
// pattern) is not something it can detect. Here src holds 100 ints, so
// reading 11 of them is in bounds anyway.
//
// Output: "Error executing memcpy_s." when memcpy_s() returns non-zero,
// otherwise the ten ints that landed in dest; main returns 0 either way.
//
// NOTE(review): with count > destsz the C11 Annex K runtime-constraint
// handler is invoked before the non-zero return; the MSVC CRT's default
// handler terminates the process, which is presumably the "crash" seen on
// the memcpy_s line, so the return code is only observed if a
// non-terminating handler is installed -- confirm against the CRT docs
// for the toolchain in use.
int main()
{
    enum { DEST_COUNT = 10, SRC_COUNT = 100 };

    int dest[DEST_COUNT];   // room for exactly ten ints (40 bytes)
    int src[SRC_COUNT];     // source: deliberately larger than dest
    errno_t rc;

    // Fill src with the squares 0, 1, 4, ... so copied values are recognisable.
    for (int k = 0; k < SRC_COUNT; k++) {
        src[k] = k * k;
    }

    // Ask for one element more than dest can hold: 11 ints = 44 bytes
    // against a destination whose size is given as sizeof dest = 40 bytes.
    const int count = DEST_COUNT + 1;
    rc = memcpy_s(dest, sizeof dest, src, count * sizeof *src);

    if (rc != 0) {
        // memcpy_s refused the oversized copy (non-zero return code).
        printf("Error executing memcpy_s.\n");
    } else {
        // Copy was accepted: show what is now in dest.
        for (int k = 0; k < DEST_COUNT; k++) {
            printf("%d ", dest[k]);
        }
    }
    printf("\n");
    return 0;
}