Vulnerability Development mailing list archives
Re: static char overflow
From: SpaceWalker <spacewalker () altern org>
Date: Thu, 2 May 2002 17:08:53 +0200
The malloc algorithms are vulnerable to buffer overflow in most conditions, which I don't think I realised here: after the overflow, you need a free() or a malloc(), which will try to optimise the heap and will overwrite some location in memory. Your static char [] is located in the .bss; this means it's in the heap, but before the malloc information. If you don't have any malloc() before, and no free() or malloc() after, the things you overwrite will never cause a crash, unless you go through the brk() zone. There are a lot of articles on the net explaining buffer overflows in the heap, and two really good ones are in the one-before-last Phrack; you can find it at www.phrack.com

Please correct me if I'm wrong.

SpaceWalker

On Wed, 01 May 2002 22:14:10 +0200 melsa <3melsa3 () mail ru> wrote:
> but what about the heap ?
> ----------------------------------------------------------
> #include <stdio.h>
> #include <string.h>
>
> int main(int argc, char **argv)
> {
>     static char buf[1024];      /* static buffer: lives in .bss, not on the stack */
>
>     if (argc < 2)               /* guard added so the program does not crash without an argument */
>         return 1;
>     strcpy(buf, argv[1]);       /* unbounded copy: this is the overflow being asked about */
>     printf("%s", buf);
>     return 0;
> }
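As an added illustration of the layout SpaceWalker describes (not code from either poster): the program below keeps the same static .bss buffer, replaces the unbounded strcpy with a bounded copy that reports truncation, and prints where the buffer ends relative to the program break and the first malloc'd chunk, so you can see how far an overflow would have to run before it reached allocator metadata. The function names and the 64-byte probe allocation are assumptions made for this example; addresses will differ per run and per platform (Linux/glibc assumed).

```c
#define _DEFAULT_SOURCE          /* for sbrk() on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>

static char buf[1024];           /* same static .bss buffer as in the quoted post */

/* Bounded replacement for strcpy(buf, argv[1]): never writes past dstsz bytes,
 * always NUL-terminates; returns 0, or -1 if src had to be truncated to fit. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src), copied = n < dstsz ? n : dstsz - 1;
    if (dstsz == 0) return -1;
    memcpy(dst, src, copied);
    dst[copied] = '\0';
    return copied == n ? 0 : -1;
}

/* Prints where buf ends relative to the program break and the first malloc'd
 * chunk, and returns the distance in bytes from the end of buf to that chunk:
 * the stretch an overflow of buf would have to cross before touching
 * allocator data (negative if the chunk is not above buf on this platform). */
long gap_to_first_chunk(void)
{
    char *chunk = malloc(64);    /* constructed probe allocation */
    char *buf_end = buf + sizeof buf;
    long gap = (long)((uintptr_t)chunk - (uintptr_t)buf_end);
    printf("buf (.bss): %p .. %p\n", (void *)buf, (void *)buf_end);
    printf("brk       : %p\n", sbrk(0));
    printf("1st chunk : %p  (gap from end of buf: %ld bytes)\n", (void *)chunk, gap);
    free(chunk);
    return gap;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s <string>\n", argv[0]); return 1; }
    if (bounded_copy(buf, sizeof buf, argv[1]) != 0)
        fprintf(stderr, "warning: input truncated to %zu bytes\n", sizeof buf - 1);
    printf("%s\n", buf);
    gap_to_first_chunk();
    return 0;
}
```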
Current thread:
- static char overflow melsa (May 01)
- Re: static char overflow SpaceWalker (May 02)
- <Possible follow-ups>
- Re: static char overflow - OUAH - (May 02)
- Re: static char overflow Sebastian (May 02)
- Re: static char overflow SpaceWalker (May 02)
- Re: static char overflow Sebastian (May 03)
- Re: static char overflow Sebastian (May 02)
- Re: static char overflow Shaun Clowes (May 04)