I am supposed to find the vulnerability in the code and i feel its hidden either in the __attribute__((constructor)) or the pointer .Here i can make out that it's a void pointer but i have never encountered a pointer with () (wasnt able to find out either) so what type of a pointer is this and is the (void(*)()) in (void(*)())&name for type casting or something else?Also is does the attribute constructor here play any role it feels like an empty default constructor
#include <stdio.h>
#include <string.h>
//Ignore this thing
__attribute__((constructor))
void setup(){
setvbuf(stdout,NULL,2,0);
setvbuf(stderr,NULL,2,0);
setvbuf(stdin,NULL,2,0);
}
int main()
{
printf("What's you name?\n");
char name[100];
fgets(name,100,stdin);
void(*Kekpointer)() = (void(*)())&name;
Kekpointer();
return 0;
}
i tried analyzing these functions so i came to the conclusion that pointer , the fgets function or the attribute constructor but i am not able to proceed further . i also got this hint " for challenge , your goal is to get a shell. Flag is stored on the remote server. Read the source code carefully and try to find out the vulnerability. This is a beginner level challenge !". but it didnt guide me anywhere. I am expecting more info on the pointer expecially
The left-hand side:
---->
kekpointeris a pointer to a function taking no parameters and returningvoid(returning nothing).The right-hand side:
----> the
&is theaddress-ofoperator. The typecast stands for a pointer to a function taking no parameters and returningvoid. So theaddress-ofnamehas been type-casted to a pointer to a function taking no parameters and returningvoid(returning nothing), which matches the left-hand side.The expression type-casts the
namebuffer to a function pointer, and then initialises the left-hand side with its address.