Vulnerability Development mailing list archives
Re: Secure coding in C (was Re: Administrivia #4883)
From: valery () LINUX HOME BG (Valery Dachev)
Date: Mon, 17 Jan 2000 23:00:15 +0200
On Mon, 17 Jan 2000, Vladimir Dubrovin wrote:
Hello Valery Dachev, 17.01.00 12:25, you wrote: Secure coding in C (was Re: Administrivia #4883); V> Lucky you ! You have encountered the \0 symbol after your buffer and V> before the end of the segment. Take a look at the situation where the \0 V> symbol is not there. Your program can explode with "Segmentation V> fault" (or "Segmentation violation" in Windows). There's a simple example V> in the attachment. V> Bye. Your example will fail regardless '\0' because there is no bounds checking for array at all.
This is what I want to demonstrate to Mr.spin0ff ;) This example shows that when no bound checking, accessing memory address can cause such errors ;))) .......................................................................... :Name : Valery Dachev :Organization: Linux Society of Bulgaria : :E-Mail : valery () linux home bg :E-Mail : info () linux home bg : :Homepage: --- none --- :Homepage : http://linux.home.bg : :........:......................:............:...........................:
Current thread:
- Re: Secure coding in C (was Re: Administrivia #4883) Valery Dachev (Jan 17)
- Re: Secure coding in C (was Re: Administrivia #4883) spin0ff (Jan 21)
- Re: Secure coding in C (was Re: Administrivia #4883) Valery Dachev (Jan 22)
- <Possible follow-ups>
- Re: Secure coding in C (was Re: Administrivia #4883) Warner Losh (Jan 21)
- Re: Secure coding in C (was Re: Administrivia #4883) spin0ff (Jan 21)