Vulnerability Development mailing list archives
vulnerabilities in this code chunk
From: erk_3 () hotmail com
Date: 21 Jun 2007 22:41:04 -0000
Heylo, I am trying to find all the vuln's in this code chunk, and the only thing I can come up with is a null pointer dereference. Assume data and data_len are user controlled. Null pointer happens when passing in a negative number. I was looking hard at the memset functions but I couldn't come up with anything. Anyone else see anything here? Thanks! char *copy_data(char *data, unsigned int data_len) { unsigned int header_size = 8; char *buf; if (!(buf = malloc(data_len + header_size))) { return NULL; } memcpy(buf, "HEADER: ", 8); memcpy(buf + 8, data, data_len); return buf; }
Current thread:
- vulnerabilities in this code chunk erk_3 (Jun 22)
- <Possible follow-ups>
- Re: vulnerabilities in this code chunk Jonathan Leffler (Jun 22)