Secure Coding mailing list archives

RE: Off-by-one errors: a brief explanation

From: "Gary McGraw" <gem () cigital com>
Date: Thu, 06 May 2004 15:24:06 +0100

In the chapter on buffer overflow in Exploiting Software we have a brief
explanation of off-by-one NULL termination errors and show how they can
be exploited.  This is on pages 304-308.  We provide an example with
strncat(), and show how the stack looks before and after.

gem

See http://www.exploitingsoftware.com/



----------------------------------------------------------------------------
This electronic message transmission contains information that may be
confidential or privileged.  The information contained herein is intended
solely for the recipient and use by any other party is not authorized.  If
you are not the intended recipient (or otherwise authorized to receive this
message by the intended recipient), any disclosure, copying, distribution or
use of the contents of the information is prohibited.  If you have received
this electronic message transmission in error, please contact the sender by
reply email and delete all copies of this message.  Cigital, Inc. accepts no
responsibility for any loss or damage resulting directly or indirectly from
the use of this email or its contents.
Thank You.
----------------------------------------------------------------------------

Current thread:

Off-by-one errors: a brief explanation Steven M. Christey (May 05)
- Re: Off-by-one errors: a brief explanation jnf (May 06)
  - RE: Off-by-one errors: a brief explanation Dave Paris (May 06)
  - Message not available
    - Re: Off-by-one errors: a brief explanation Mads Rasmussen (May 07)
- Re: Off-by-one errors: a brief explanation Pascal Meunier (May 07)
- <Possible follow-ups>
- RE: Off-by-one errors: a brief explanation Gary McGraw (May 06)
- Re: Off-by-one errors: a brief explanation Steven M. Christey (May 06)
  - Re: Off-by-one errors: a brief explanation jnf (May 07)