Skip to content

Latest commit

 

History

History
39 lines (24 loc) · 1.06 KB

File metadata and controls

39 lines (24 loc) · 1.06 KB

Vulnerable Code

from flask import Flask, request, jsonify
import ctypes

app = Flask(__name__)

BUFFER_SIZE = 32

@app.route("/submit", methods=["POST"])
def submit():
    username = request.json.get("username", "")

    buffer = ctypes.create_string_buffer(BUFFER_SIZE)

    ctypes.memmove(buffer, username.encode(), len(username))

    return jsonify({
        "message": "Username saved"
    })

app.run(port=5000)
Reveal Solution

Findings

1. Buffer Overflow

The application stores user input in a fixed-size buffer (32 bytes) but never checks whether the input is larger than the buffer. If a user sends a very long value, it can overwrite nearby memory, which may crash the application or lead to other security issues.

2. Unsafe Memory Handling

Python is normally safe from buffer overflows, but using the ctypes module allows direct memory operations. Using functions like memmove() without proper validation removes Python's built-in safety and can introduce memory-related vulnerabilities.