The following program takes a password as input but always refuses to generate lottery numbers:
#include <iostream>
using namespace std;
char goodPassword() {
int good = ‘N’;
char Password[10]; // Memory storage for the password
cin>>Password; // Get input from keyboard
return (char)good;
}
int main() {
cout<<“Enter your password:”<<endl;
if (goodPassword() == ‘Y’) {
cout << “The lottery numbers are: “;
for (int i = 0; i < 5; i++)
cout << rand()%50 << ” “;;
}
else {
printf(“No numbers for you today.\n”);
}
return 0;
}
Luckily, the program is vulnerable to a buffer overrun in the good Password() procedure. The goal is to take advantage of the vulnerability so that it can generate lucky numbers for us.