Vulnerability Development mailing list archives

Re: Possible Communicator 4.76 issue


From: Nick <nwp () REDSHIFT LEMON-COMPUTING COM>
Date: Thu, 15 Mar 2001 12:49:26 +0000

On Wed, Mar 14, 2001 at 08:41:24AM -0800, c0ncept wrote:
> Dereferencing a NULL pointer would be a code quality bug IMHO. The only
> security implications would be a possible Denial of Service in a server
> program.

A potentially dangerous assumption to make; it depends how the pointer came
to be null, and what it's used for afterwards.

For example, if it's null because it's been overwritten with something which
just happened to make it that way, but which could if manipulated cause it
to point at something completely different, it could be dangerous. Or if
whatever overwrote the pointer had the potential to overwrite a load of other
stuff too...

Then again, it could just be dodgy logic in the program.

Until you've looked, you just can't say.

You're just not being adequately paranoid ;)


Cheers,


Nick

--
Nick Phillips -- nwp () lemon-computing com
Don't feed the bats tonight.
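
The point made in the message above, as an added example that is not part of the original post or thread: a constructed C record in which a fixed buffer sits directly before a pointer, so the same unchecked copy leaves the pointer NULL for one input and at an input-chosen value for another. The `record` struct and every function name here are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: a fixed buffer directly followed by a pointer. */
struct record {
    char  name[8];
    void *data;
};

/* Deliberately flawed copy: bounded by the whole record, not by name[].
 * Input longer than name[] spills into the pointer that follows it. */
static void set_name_unchecked(struct record *r, const void *in, size_t len)
{
    if (len > sizeof *r)              /* keeps the demo inside the object */
        len = sizeof *r;
    memcpy((unsigned char *)r, in, len);
}

/* Corrected copy: refuses anything that does not fit in name[]. */
static int set_name_checked(struct record *r, const void *in, size_t len)
{
    if (len > sizeof r->name)
        return -1;
    memcpy(r->name, in, len);
    return 0;
}

/* Pointer value left behind after an unchecked copy of a record-sized input
 * made entirely of `fill` bytes. Assumes NULL is all-zero bits. */
static uintptr_t pointer_after_overflow(unsigned char fill)
{
    static int target;
    struct record r = { "", &target };
    unsigned char in[sizeof(struct record)];
    memset(in, fill, sizeof in);
    set_name_unchecked(&r, in, sizeof in);
    return (uintptr_t)r.data;
}

/* 1 if the checked copy rejects the same input and the pointer survives. */
static int checked_copy_holds(void)
{
    static int target;
    struct record r = { "", &target };
    unsigned char in[sizeof(struct record)] = { 0 };
    return set_name_checked(&r, in, sizeof in) == -1 && r.data == &target;
}

int main(void)
{
    printf("zero fill: %#llx\n", (unsigned long long)pointer_after_overflow(0x00));
    printf("0x41 fill: %#llx\n", (unsigned long long)pointer_after_overflow(0x41));
    printf("checked copy holds: %d\n", checked_copy_holds());
    return 0;
}
```

Both inputs take the same code path; only the zero-filled one would show up as a NULL dereference, which is why the crash alone does not settle the severity.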

