Penetration Testing mailing list archives
Re: Format String Vulnerabilities
From: andy.x.johnson () cummins com
Date: 18 May 2007 19:03:59 -0000
I can assume the string format function is using 'strcpy' to copy the format into a pointer. The easiest solution is to rewrite the code to use the bounds checking version 'strncpy'. This will keep the overflow from happening no matter where the pointer address is referenced on the stack. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Format String Vulnerabilities Mike Gibson (May 18)
- Re: Format String Vulnerabilities Pranay Kanwar (May 18)
- Re: Format String Vulnerabilities rajat swarup (May 18)
- <Possible follow-ups>
- Re: Format String Vulnerabilities andy . x . johnson (May 18)