Vulnerability Development mailing list archives
Re: Secure coding in C (was Re: Administrivia #4883)
From: spin () MASSIVE CH (spin0ff)
Date: Fri, 21 Jan 2000 19:32:47 +0100
On Mon, 17 Jan 2000, Valery Dachev wrote:
On Mon, 17 Jan 2000, Vladimir Dubrovin wrote:Hello Valery Dachev, 17.01.00 12:25, you wrote: Secure coding in C (was Re: Administrivia #4883); V> Lucky you ! You have encountered the \0 symbol after your buffer and V> before the end of the segment. Take a look at the situation where the \0 V> symbol is not there. Your program can explode with "Segmentation V> fault" (or "Segmentation violation" in Windows). There's a simple example V> in the attachment. V> Bye. Your example will fail regardless '\0' because there is no bounds checking for array at all.This is what I want to demonstrate to Mr.spin0ff ;) This example shows that when no bound checking, accessing memory address can cause such errors ;)))
anyway, the question was not whether this will "work" or crash... my question was "is it exploitable", and if so... how. the segfault problem was obvious... s0
Current thread:
- Re: Secure coding in C (was Re: Administrivia #4883) Valery Dachev (Jan 17)
- Re: Secure coding in C (was Re: Administrivia #4883) spin0ff (Jan 21)
- Re: Secure coding in C (was Re: Administrivia #4883) Valery Dachev (Jan 22)
- <Possible follow-ups>
- Re: Secure coding in C (was Re: Administrivia #4883) Warner Losh (Jan 21)
- Re: Secure coding in C (was Re: Administrivia #4883) spin0ff (Jan 21)