Penetration Testing mailing list archives

Re: Format String Vulnerabilities


From: andy.x.johnson () cummins com
Date: 18 May 2007 19:03:59 -0000

I can assume the string format function is using 'strcpy' to copy the format into a pointer. The easiest solution is to rewrite the code to use the bounds checking version 'strncpy'. This will keep the overflow from happening no matter where the pointer address is referenced on the stack.
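An added example, not part of the original message or of any code discussed in the thread: a bounded copy with `strncpy`, including the explicit terminator it needs, followed by output that passes the copied text as an argument to a fixed `"%s"` format rather than as the format itself. The names `copy_bounded`, `render_message` and `MSG_MAX` and the sample input are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define MSG_MAX 32  /* assumed buffer size for this example */

/* Bounded copy: strncpy writes no terminator when src is at least as
 * long as the limit, so one is stored explicitly.
 * Returns the length of the string left in dst. */
size_t copy_bounded(char dst[MSG_MAX], const char *src)
{
    strncpy(dst, src, MSG_MAX - 1);
    dst[MSG_MAX - 1] = '\0';
    return strlen(dst);
}

/* Render untrusted text into out. The format is a fixed literal and the
 * untrusted string is only an argument, so any '%' directives inside it
 * are copied as plain characters instead of being interpreted.
 * Bounding the copy limits the length; it does not change how a string
 * is treated if it is later handed to printf as the format. */
int render_message(char *out, size_t out_len, const char *untrusted)
{
    char msg[MSG_MAX];

    copy_bounded(msg, untrusted);
    return snprintf(out, out_len, "%s", msg);
}

int main(void)
{
    /* Constructed sample input containing conversion specifiers. */
    const char *sample = "user=%x.%x.%n and a tail long enough to be cut";
    char out[64];
    int n = render_message(out, sizeof out, sample);

    printf("%d bytes: %s\n", n, out);
    return 0;
}
```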
