Buffer overflow with stack canary

1. leak libc pointer
2. leak stack canary
3. perform return address overwrite while keeping the canary in check