diff --git a/src/examples/Makefile b/src/examples/Makefile index c5702291e1b8aed9e73b81afc74a33854aaea44a..a8bb35643565bb3f47cb8b3b3ccfc8903fc37764 100644 --- a/src/examples/Makefile +++ b/src/examples/Makefile @@ -4,7 +4,7 @@ SRCDIR = .. # To add a new test, put its name on the PROGS list # and then add a name_SRC line that lists its source files. PROGS = cat cmp cp echo halt hex-dump ls mcat mcp mkdir pwd rm shell \ - bubsort insult lineup matmult recursor my mycreate mywait myremove + bubsort insult lineup matmult recursor my mycreate mywait myremove overflow # Should work from project 2 onward. cat_SRC = cat.c @@ -22,6 +22,8 @@ my_SRC = my.c mycreate_SRC = mycreate.c mywait_SRC = mywait.c myremove_SRC = myremove.c +overflow_SRC = overflow.c + # Should work in project 3; also in project 4 if VM is included. bubsort_SRC = bubsort.c diff --git a/src/examples/mycreate b/src/examples/mycreate index bfcba58faf5d343ffabe9872e8d3efe2631d2fa9..24e42fdfffca8de5ab70afbacf205de34e25f5fc 100755 Binary files a/src/examples/mycreate and b/src/examples/mycreate differ diff --git a/src/examples/myremove b/src/examples/myremove index 30a7fbe4f8b4a60cf0217b852401f21728bf328c..975c82ef8b9c29287f9b4050eb3867d0bb3cb0ef 100755 Binary files a/src/examples/myremove and b/src/examples/myremove differ diff --git a/src/examples/myremove.c b/src/examples/myremove.c index 462570015bba0da7825bec1506ea2bf0e85750f7..59142b511b52a63a2f8e45dc0cfe55efdc9ced3d 100644 --- a/src/examples/myremove.c +++ b/src/examples/myremove.c @@ -1,6 +1,6 @@ #include <stdio.h> #include <syscall.h> -//This file has been created too test the create system call +//This file has been created too test the remove system call int main (void) { diff --git a/src/examples/mywait b/src/examples/mywait index 9bb04d2239d308595753aefa80624b22b737acfa..a4010000006cd579d4cb6ef68abe078bea6918c4 100755 Binary files a/src/examples/mywait and b/src/examples/mywait differ 
diff --git a/src/examples/overflow b/src/examples/overflow
new file mode 100755
index 0000000000000000000000000000000000000000..2dfff7ae0a104c1cf712c8129061d2c6a3522082
Binary files /dev/null and b/src/examples/overflow differ
diff --git a/src/examples/overflow.c b/src/examples/overflow.c
new file mode 100644
index 0000000000000000000000000000000000000000..d27c9fde8266aff8d631ccf96295c7f4e91e9daf
--- /dev/null
+++ b/src/examples/overflow.c
@@ -0,0 +1,10 @@ +#include <stdio.h> +#include <syscall.h> +//This file has been created too test the overflow exploit +int +main (void) +{ + remove("\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x
41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"); + + //return EXIT_SUCCESS; +} \ No newline at end of file diff --git a/src/lib/string.h b/src/lib/string.h index 1fff82a060c32080a99810c4d9413dc97a441910..5ebb8bc59c56ff4d3f1c6ed9858f9e13bcc86711 100644 --- a/src/lib/string.h +++ b/src/lib/string.h @@ -18,6 +18,7 @@ size_t strspn (const char *, const char *); char *strstr (const char *, const char *); void *memset (void *, int, size_t); size_t strlen (const char *); +char *strcpy(char *dest, const char *src); /* Extensions. */ size_t strlcpy (char *, const char *, size_t); 
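Review bot: The test in overflow.c never states or checks the expected outcome: the result of `remove(...)` is discarded and `main` ends with `//return EXIT_SUCCESS;` commented out, so the program cannot report pass or fail. As a regression test it should document what a correct kernel does, for example `/* An over-long name must be rejected: remove() returns false and the kernel keeps running. */`, and end with `return remove (name) ? EXIT_FAILURE : EXIT_SUCCESS;`. Filling a local array with `memset` would make the intended length explicit instead of a hand-typed run of `\x41`. The header comment also has a typo (`too` for `to`).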
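Review bot: Declaring `char *strcpy(char *dest, const char *src);` in src/lib/string.h, together with the next string.h hunk that comments out `#define strcpy dont_use_strcpy_use_strlcpy`, removes the build-time guard against unbounded copies for every file that includes this header, not only for the experiment in syscall.c. No definition matching this prototype is visible in the diff; the only one added is `void strcpy(...)` in src/userprog/syscall.c, whose return type conflicts with it. Keep the `#define` and use `strlcpy (dst, src, sizeof dst)`; if a deliberately unbounded copy is needed for a lab exercise, give it a distinct name local to that one file.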
@@ -26,7 +27,7 @@ char *strtok_r (char *, const char *, char **); size_t strnlen (const char *, size_t); /* Try to be helpful. */ -#define strcpy dont_use_strcpy_use_strlcpy +//#define strcpy dont_use_strcpy_use_strlcpy #define strncpy dont_use_strncpy_use_strlcpy #define strcat dont_use_strcat_use_strlcat #define strncat dont_use_strncat_use_strlcat diff --git a/src/userprog/syscall.c b/src/userprog/syscall.c index 0f9f31961ea8bc815e213a210086c826cb6b2142..6618942a396807b337f36e6c8065d064c23fc87f 100644 --- a/src/userprog/syscall.c +++ b/src/userprog/syscall.c @@ -1,5 +1,6 @@ #include "userprog/syscall.h" #include <stdio.h> +//#include <string.h> #include <syscall-nr.h> #include "threads/interrupt.h" #include "threads/thread.h" @@ -11,12 +12,10 @@ #include "threads/synch.h" #include <stdlib.h> #include "threads/vaddr.h" -//#include "userprog/process.c" +#include "threads/vaddr.h" - -struct file* process_get_file (int fd); // FOR READ -static void check_user (const uint8_t *uaddr); +struct file* process_get_file (int fd); // FOR READ void halt (void) NO_RETURN; void exit (int status) NO_RETURN; pid_t exec (const char *file); 
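Review bot: `#include "threads/vaddr.h"` now appears on two consecutive lines in the second syscall.c hunk; the added line replaces the commented-out `process.c` include but duplicates the include directly above it, so it can be dropped. The first syscall.c hunk adds `//#include <string.h>` as a dead comment; either include the header, which is what makes `strlcpy` and the library prototypes visible, or leave the line out. The second hunk also deletes the `check_user` prototype, and no replacement validation helper is declared in its place.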
@@ -30,35 +29,9 @@ int write (int fd, const void *buffer, unsigned length); void seek (int fd, unsigned position); unsigned tell (int fd); void close (int fd); - -static int32_t get_user (const uint8_t *uaddr); - -// void check_user (const void *uaddr); // for read +static int32_t usergrab (const uint8_t *uaddr); int input_getc (void); // for read -// struct file* process_get_file (int fd); //for read - -//int memread_user(void *dst, const void *src, size_t n); - -struct lock; //All for the lock to work to protect from race vuln -void lock_init (struct lock *lock); -void lock_acquire (struct lock *lock); -bool lock_try_acquire (struct lock *lock); -void lock_release (struct lock *lock); -bool lock_held_by_current_thread (const struct lock *lock); -struct lock filesys_lock; - -struct semaphore; -void sema_init (struct semaphore *sema, unsigned value); -void sema_down (struct semaphore *sema); -bool sema_try_down (struct semaphore *sema); -void sema_up (struct semaphore *sema); -void sema_self_test (void); - -struct condition; -void cond_init (struct condition *cond); -void cond_wait (struct condition *cond, struct lock *lock); -void cond_signal (struct condition *cond, struct lock *lock); -void cond_broadcast (struct condition *cond, struct lock *lock); + struct file_descriptor { 
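Review bot: Removing `struct lock filesys_lock;` leaves this file with no lock object for the file-system calls; the hand-copied `lock_*`, `sema_*` and `cond_*` prototypes were redundant with `threads/synch.h`, which is still included, but the lock itself was not. The deleted comment says it was there to protect against a race, and `filesys_create` and `filesys_remove` are still called from this file in later hunks. If those routines are not synchronised internally (not visible here), keep `struct lock filesys_lock;` and take it around each call, e.g. `lock_acquire (&filesys_lock); ok = filesys_remove (buf); lock_release (&filesys_lock);`. The hunk also adds a whitespace-only line.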
@@ -77,57 +50,45 @@ struct process_file - - - - -static void fail_invalid_access(void) { - if (lock_held_by_current_thread(&filesys_lock)) - lock_release (&filesys_lock); - - process_exit (-1); - NOT_REACHED(); +void strcpy(char *dest, const char *src) +{ + int i = 0; + while ((dest[i] = src[i]) != '\0') + { + i++; + } } - - - - -#include "threads/vaddr.h" - +void strcpytest() +{ + char a; + char b; + a = ("letsgetit"); + b = ("empty"); + printf(a); + printf(b); + strcpy(b, a); + printf(a); + printf(b); +} static int -memread_user (void *src, void *dst, size_t bytes) +scanmem (void *src, void *dst, size_t bytes) { int32_t value; size_t i; for(i=0; i<bytes; i++) { - value = get_user(src + i); - if(value == -1) // segfault or invalid memory access - fail_invalid_access(); + value = usergrab(src + i); + *(char*)(dst + i) = value & 0xff; } return (int)bytes; } -// CHECK USER -static void -check_user (const uint8_t *uaddr) { - // check uaddr range or segfaults - if(get_user (uaddr) == -1) - fail_invalid_access(); -} - - - - - - - //GET USER CODE static int32_t -get_user (const uint8_t *uaddr) { +usergrab (const uint8_t *uaddr) { // check that a user pointer `uaddr` points below PHYS_BASE if (! ((void*)uaddr < PHYS_BASE)) { return -1; 
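Review bot: `scanmem` no longer checks the result of `usergrab`: the removed `if (value == -1) fail_invalid_access();` was the only thing stopping a bad user address, and now `-1 & 0xff` is stored as a 0xff byte and the syscall carries on with a made-up argument. Keep the check, and `fail_invalid_access` which this hunk also deletes, i.e. `if (value == -1) fail_invalid_access ();` right after `value = usergrab(src + i);`. The new `void strcpy(char *dest, const char *src)` takes no destination size, and its `void` return type disagrees with the `char *strcpy(...)` prototype this commit adds to src/lib/string.h. `strcpytest` assigns string literals to plain `char` variables and passes them to `printf` as the format argument; it should be deleted or rewritten with `char` arrays and `printf ("%s\n", a)`. `usergrab` continues past the end of the hunk.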
@@ -140,61 +101,38 @@ get_user (const uint8_t *uaddr) { return result; } - - - - - - - - - - - - bool create (const char *file, unsigned initial_size) { printf("file: %s\n", file); printf("initial size: %d\n", initial_size); printf("File generated succsessfully!"); - return filesys_create (file, initial_size); -} - - + //char str[20] = "fresh2refresh.com"; + //char target[25] ="ello"; + //printf("\n %s \n", str); + //printf("%s \n", target); + //strcpy(target, str); + //printf("%s \n", str); + //printf("%s \n", target); + return filesys_create (file, initial_size); +} bool remove(const char* filename) { - bool return_code; + //bool return_code; + char buf [100]; // memory validation missing no check user function // added now - check_user((const uint8_t*) filename); + printf ("CHECK USER RUN\n"); - return_code = filesys_remove(filename); - printf ("File removed --->"); - printf (filename); + strcpy (buf, filename); - return return_code; -} - - - - - -int wait(pid_t pid) { - printf ("[DEBUG] Wait : %d\n", pid); - return wait(pid); + printf ("File removed --->"); + printf (buf); + filesys_remove(buf); } - - - - - - - - static void syscall_handler (struct intr_frame *); static uint32_t load_stack(struct intr_frame *f, int offset){ @@ -208,17 +146,6 @@ syscall_init (void) intr_register_int (0x30, 3, INTR_ON, syscall_handler, "syscall"); } -////////////////////////READ CODE//////////////////////////// - -/* void // CHECK USER FUNCTION -check_user (const uint8_t *uaddr) -{ - if ((void *) uaddr < (void *) 0x08048000 - || (void *) uaddr >= (void *) 0xc0000000) - exit (-1); -} -*/ - struct file* //GET FILE FUNCTION process_get_file (int fd) { 
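Review bot: `remove` copies the caller-supplied `filename` into `char buf [100]` with the unbounded `strcpy` added earlier in this file, so any name of 100 bytes or more is written past the end of a kernel stack buffer. The `check_user` call is gone while `CHECK USER RUN` is still printed, `printf (buf)` uses the name as a format string, and the function is declared `bool` but no longer returns a value, so the `return_code` the handler stores in `f->eax` is indeterminate. The version below probes the pointer, bounds the copy with `strlcpy` (declared in src/lib/string.h, which has to be included again), prints through `%s` and returns the result of `filesys_remove`. `create` in the same hunk prints "File generated succsessfully!" before `filesys_create` has run and formats an `unsigned` with `%d`.

```c
bool remove(const char* filename)
{
  char buf [100];

  /* Probe the user pointer before reading through it.  Only the first byte
     is checked here; the rest of the string still needs per-byte validation.
     Terminating the process, as the removed fail_invalid_access() did, is
     the alternative to returning false. */
  if (usergrab ((const uint8_t *) filename) == -1)
    return false;

  /* strlcpy returns the source length, so a result >= sizeof buf means the
     name did not fit and must be rejected rather than truncated. */
  if (strlcpy (buf, filename, sizeof buf) >= sizeof buf)
    return false;

  /* The name is data, never the format string. */
  printf ("File removed ---> %s\n", buf);
  return filesys_remove (buf);
}
```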
@@ -244,37 +171,28 @@ syscall_handler (struct intr_frame *f){ case SYS_READ: { - //int fd = (int) load_stack(f, 1); - //void *buffer = (void*) load_stack(f, 2); - //unsigned size = (unsigned) load_stack(f, 3); - //f->eax = read(fd, buffer, size); - //break; + } case SYS_CREATE: { const char *file; unsigned initial_size; - memread_user (f->esp + 4, &file, sizeof file); - memread_user (f->esp + 8, &initial_size, sizeof initial_size); + scanmem (f->esp + 4, &file, sizeof file); + scanmem (f->esp + 8, &initial_size, sizeof initial_size); f->eax = create (file, initial_size); break; } case SYS_WAIT: { - pid_t pid; - memread_user(f->esp + 4, &pid, sizeof(pid_t)); - int ret = wait(pid); - f->eax = (uint32_t) ret; - break; } case SYS_REMOVE: { const char* filename; bool return_code; - memread_user(f->esp + 4, &filename, sizeof(filename)); - + scanmem(f->esp + 4, &filename, sizeof(filename)); + return_code = remove(filename); f->eax = return_code; break; @@ -290,39 +208,5 @@ syscall_handler (struct intr_frame *f){ thread_exit (); } - -////////////////////////READ CODE//////////////////////////// -/* -int read(int fd, void* buffer, unsigned size) { - // memory validation - check_user((const uint8_t*) buffer); - - int bytes_read = 0; - - // read from stdin if fd == 0, otherwise read from file - if (fd == 0) { - // read from stdin - for (unsigned i = 0; i < size; i++) { - char c = input_getc(); - if (c == '\0') { - break; - } - *((char*) buffer + i) = c; - bytes_read++; - } - } else { - // read from file - struct file* f = process_get_file(fd); - if (f == NULL) { - return -1; - } - lock_acquire (&filesys_lock); - bytes_read = file_read(f, buffer, size); - lock_release (&filesys_lock); - } - return bytes_read; -} -*/ -////////////////////////READ CODE//////////////////////////// - + diff --git a/src/utils/pintos-gdb b/src/utils/pintos-gdb index 4ef38d3f177f1c9b694d422c14efdd2df98809d9..5e195e3536d10c2cbce72cf9de09403361a72b63 100755 --- a/src/utils/pintos-gdb 
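Review bot: `case SYS_READ:` and `case SYS_WAIT:` are now empty blocks with no `break`, so a read call falls through into the `SYS_CREATE` body and a wait call falls through into `SYS_REMOVE`, each acting on whatever words sit at `f->esp + 4` and `f->esp + 8`. End both cases with an explicit result until they are implemented, e.g. `f->eax = -1; break;`. The body of `syscall_handler` starts and ends outside this hunk.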
+++ b/src/utils/pintos-gdb @@ -1,7 +1,7 @@ #! /bin/sh # Path to GDB macros file. Customize for your site. -GDBMACROS=/usr/class/cs140/pintos/pintos/src/misc/gdb-macros +GDBMACROS=/home/dev/uwe_os/gitdown/pintos_student/src/misc # Choose correct GDB. if command -v i386-elf-gdb >/dev/null 2>&1; then
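Review bot: The new `GDBMACROS` value is one developer's home directory and stops at `src/misc`, a directory, while the comment above it says the variable is the path to the GDB macros file; the previous value ended in `/gdb-macros`. Keep the file name and let the environment override the default instead of committing a personal path, e.g. `GDBMACROS=${GDBMACROS:-/usr/class/cs140/pintos/pintos/src/misc/gdb-macros}`.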