Vulnerability Development mailing list archives
Re: Administrivia: List Announcement
From: David Riley <oscar () the-rileys net>
Date: Tue, 13 May 2003 13:36:24 -0400
On Tuesday, May 13, 2003, at 12:25 PM, Dave McKinney wrote:
We'll kick this off with the first challenge, which was devised by AaronAdams: // vulndev-1.c // vuln-dev mailing list security challenge #1 // by Aaron Adams <aadams () securityfocus com> // Spot the error in this program. #include <stdio.h> #include <stdlib.h> #define SIZE 252 int main(int argc, char *argv[]) { int i; char *p1, *p2; char *buf1 = malloc(SIZE); char *buf2 = malloc(SIZE); if (argc != 3) exit(1); p1 = argv[1], p2 = argv[2]; strncpy(buf2, p2, SIZE); for (i = 0; i <= SIZE && p1[i] != '\0'; i++) buf1[i] = p1[i]; free(buf1); free(buf2); return 0; }
I'll start by saying that I like this idea... it'll give me a chance to brush up on my skills in this area.
Now, the only error I see in this program is that the for() loop checks for i <= SIZE rather than i < SIZE. However, this doesn't seem to affect much... when I run the compiled program on my OS X machine with these args:
./vuln `perl -e 'print "a" x 2000'` `perl -e 'print "b" x 2000'`It exits cleanly. I imagine that it might overwrite a byte somewhere, but it's not really doing much for me.
Thanks, and great idea, David
Current thread:
- Administrivia: List Announcement Dave McKinney (May 13)
- Re: Administrivia: List Announcement David Riley (May 13)
- Re: Administrivia: List Announcement Benjamin A. Okopnik (May 13)
- Re: Administrivia: List Announcement Edinelson Keiji Shimokawa (May 14)
- Re: Administrivia: List Announcement Benjamin A. Okopnik (May 13)
- Re: Administrivia: List Announcement Brian Hatch (May 13)
- Re: Administrivia: List Announcement Wojciech Purczynski (May 14)
- Re: Administrivia: List Announcement Luciano Miguel Ferreira Rocha (May 14)
- vulndev-1.c challenge (was Re: Administrivia: List Announcement) Bennett Todd (May 13)
- Re: Administrivia: List Announcement Bernie Cosell (May 13)
- Re: Administrivia: List Announcement Valdis . Kletnieks (May 15)
- partial analysis of vulndev-1.c David R. Piegdon (May 13)
- Re: partial analysis of vulndev-1.c Dana Epp (May 13)
(Thread continues...)
- Re: Administrivia: List Announcement David Riley (May 13)