Vulnerability Development mailing list archives
Re: Secure coding in C (was Re: Administrivia #4883)
From: valery () LINUX HOME BG (Valery Dachev)
Date: Mon, 17 Jan 2000 11:25:20 +0200
On Sun, 16 Jan 2000, spin0ff wrote:
both strlen call will return when they encounter a \0, implying that after the third line, len will be long enough to hold a, b and the garbage following both a and b. c will be large enough to hold all of this.
Lucky you ! You have encountered the \0 symbol after your buffer and before the end of the segment. Take a look at the situation where the \0 symbol is not there. Your program can explode with "Segmentation fault" (or "Segmentation violation" in Windows). There's a simple example in the attachment. Bye. .......................................................................... :Name : Valery Dachev :Organization: Linux Society of Bulgaria : :E-Mail : valery () linux home bg :E-Mail : info () linux home bg : :Homepage: --- none --- :Homepage : http://linux.home.bg : :........:......................:............:...........................: <HR NOSHADE> <UL> <LI>TEXT/PLAIN attachment: Say 'BooM' ! </UL>
Current thread:
- Re: Firewall-1 Logging *Issue*, (continued)
- Re: Firewall-1 Logging *Issue* Blue Boar (Jan 13)
- Re: Administrivia #4883 nascheme () ENME UCALGARY CA (Jan 14)
- Secure coding in C (was Re: Administrivia #4883) Bennett Todd (Jan 14)
- Re: Secure coding in C (was Re: Administrivia #4883) Marco Walther (Jan 14)
- Re: Secure coding in C (was Re: Administrivia #4883) Bennett Todd (Jan 14)
- Re: Secure coding in C (was Re: Administrivia #4883) Liviu Daia (Jan 14)
- Re: Secure coding in C (was Re: Administrivia #4883) spin0ff (Jan 16)
- ICQ >= 99* + CC Data (Was: Re: Administrivia #4883) Ken Williams (Jan 16)
- Re: ICQ >= 99* + CC Data Vanja Hrustic (Jan 16)
- Re: Secure coding in C (was Re: Administrivia #4883) Liviu Daia (Jan 16)
- Re: Secure coding in C (was Re: Administrivia #4883) Valery Dachev (Jan 17)
- Secure coding in C (was Re: Administrivia #4883) Bennett Todd (Jan 14)
- Netdetect.exe with backdoor? (ICQ) WolF Knox (Jan 15)
- Re: Netdetect.exe with backdoor? (ICQ) Brad Griffin (Jan 15)
- Re: Secure coding in C (was Re: Administrivia #4883) Iván Arce (Jan 14)
- Re: Secure coding in C (was Re: Administrivia #4883) kay (Jan 15)
- Re: Secure coding in C (was Re: Administrivia #4883) Brian Masney (Jan 16)
- Re: Secure coding in C (was Re: Administrivia #4883) K Martin (Jan 16)
- Re: Secure coding in C (was Re: Administrivia #4883) Paul Cardon (Jan 16)
- Re: Secure coding in C (was Re: Administrivia #4883) K Martin (Jan 17)
- Re: Secure coding in C (was Re: Administrivia #4883) Bennett Todd (Jan 17)
- Re: Secure coding in C (was Re: Administrivia #4883) Aviram Jenik (Jan 16)