Vulnerability Development mailing list archives

Re: Java and buffer overflows


From: KF <dotslash () snosoft com>
Date: Mon, 24 Jun 2002 23:40:07 -0400

Not sure if this helps... I was trying to come up with a scenario that passed user input to a buffer, but the compiler kept barking at me, so this is the best I can do.

[root@qa5 root]# cat test.java
class test
{
       public static void main(String args[])
       {

               String[] test = new String[4];
               test[0] = "A";
               test[1] = "A";
               test[2] = "A";
               test[3] = "A";
               test[4] = "A";
               test[5] = "A";
               test[6] = "A";
       }
}


[root@rcmqa5 root]# javac test.java
[root@rcmqa5 root]# java test
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 4
       at test.main(test.java:11)

-KF


Felix Harris wrote:

I was wondering if code written in Java (or .NET) is vulnerable to buffer overflows.
If yes, what are the differences in the process of exploiting?
Any online source?



Well, afaik one of the main reasons for creating Java was to make it a safe language, as there are no complications between pointers and buffers. Buffers are also length-checked, and pointers don't really have the required scope to be exploited. If there was an exploit for a Java program, it would probably exist as a bug in the virtual machine, or in a call to a C/C++ program/library. IIRC, there was something about zlib being exploitable?
--
Felix Harris
felix () cannabis net
I say goodbye and raindrops taste like tears
In the pouring rain I stand and die alone
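
The scenario discussed above (user input copied into a fixed-size buffer), as an added example that is not part of the original posts; the class and method names are hypothetical and the sample input is constructed. It shows the JVM's runtime bounds check stopping the write, and a length check that turns the resulting uncaught exception into a handled rejection.

```java
import java.nio.charset.StandardCharsets;

// Added example (not from the thread). Names here are hypothetical.
class BoundsDemo {
    static final int BUF_SIZE = 4;

    // Unchecked copy, written the way a C strcpy-style loop would be.
    // The JVM checks every array store, so an oversized input raises
    // ArrayIndexOutOfBoundsException instead of writing past the array.
    static byte[] naiveCopy(byte[] input) {
        byte[] buf = new byte[BUF_SIZE];
        for (int i = 0; i < input.length; i++) {
            buf[i] = input[i];
        }
        return buf;
    }

    // Hardened form: validate the length up front and reject with a clear
    // error, so oversized input is an expected, handled condition.
    static byte[] checkedCopy(byte[] input) {
        if (input.length > BUF_SIZE) {
            throw new IllegalArgumentException(
                "input is " + input.length + " bytes, limit is " + BUF_SIZE);
        }
        byte[] buf = new byte[BUF_SIZE];
        System.arraycopy(input, 0, buf, 0, input.length);
        return buf;
    }

    public static void main(String[] args) {
        // Constructed sample input; pass an argument to supply your own.
        String userInput = args.length > 0 ? args[0] : "AAAAAAA";
        byte[] data = userInput.getBytes(StandardCharsets.US_ASCII);

        try {
            naiveCopy(data);
            System.out.println("naiveCopy: input fit in the buffer");
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("naiveCopy stopped by the JVM: " + e.getMessage());
        }

        try {
            checkedCopy(data);
            System.out.println("checkedCopy: accepted");
        } catch (IllegalArgumentException e) {
            System.out.println("checkedCopy rejected: " + e.getMessage());
        }
    }
}
```

If the exception in the unchecked version were not caught, the thread would terminate as in the `java test` run above, so the remaining impact of this bug class in pure Java code is availability rather than memory corruption.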





