Vulnerability Development mailing list archives

Re: strcpy bug


From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Tue, 10 Jun 2003 12:13:05 +0000


From: xenophi1e <oliver.lavery () sympatico ca>
Date: 7 Jun 2003 18:34:59 -0000
>
>The Windows "Search for files and folders" utility will search binaries and
>can often find the linkage names of functions and dlls they call.  None

>*Lol*. I never would have thought to use the pretty GUI with the little
>doggie for anything like this. But of course, it's really just a not-so-
>good strings / objdump | grep.

It's a quick and dirty hack, that's why I like it :) Of course it won't find linkages that are only specified by function ordinal, so you get false negatives.

>Yeah, another obvious problem I realised after posting is that MAX_PATH
>on Windows is 260 / 0x104. So the overflowable buffer is MAX_PATH
>characters long.

Heh, as I found out also when trying to create a .eot file with an overly long name!

>There's some protection since applications that are well
>written probably won't call a file open sort of function with a filename
>longer than MAX_PATH. Of course we all know how many applications are
>actually well written...

The question is, can we get any application to try and LZOpenFileA a file without first performing a check-for-existence test? I haven't managed to fool IE or OE yet with any of the usual MIME / CID: tricks....


     DaveK
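As an added illustration (not code from the thread or from any Windows component), here is the pattern the two posters are discussing: an unbounded strcpy into a MAX_PATH buffer beside the caller-side length guard that well-written applications apply, plus a bounded copy that rejects rather than truncates. MAX_PATH is the Win32 value quoted above; the function names and the constructed all-'A' names are my own assumptions.

```c
#include <string.h>

#define MAX_PATH 260   /* Win32 value (0x104), as quoted in the thread */

/* Unsafe pattern: strcpy into a fixed MAX_PATH buffer. A name of MAX_PATH
 * chars or more has no room for its NUL and writes past the buffer.
 * Shown for contrast only; never call it with an untrusted name. */
int open_unsafe(const char *name)
{
    char buf[MAX_PATH];
    strcpy(buf, name);                 /* no bound: the defect */
    return (int)strlen(buf);
}

/* Caller-side guard the thread says well-written apps apply: the name
 * must fit in MAX_PATH including its terminator. */
int path_fits(const char *name)
{
    return strlen(name) < MAX_PATH;
}

/* Hardened copy: bounded, NUL-terminated, rejects rather than truncates
 * (a silently truncated name could open a different file than intended). */
int copy_path_checked(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstsize)
        return -1;
    memcpy(dst, src, n + 1);
    return (int)n;
}

/* Guard then copy a constructed name of `len` 'A's (think of an over-long
 * .eot name) into a MAX_PATH buffer: its length on success, -1 if rejected. */
int try_name(size_t len)
{
    char name[1024], buf[MAX_PATH];    /* constructed input, not a real path */
    if (len >= sizeof name)
        return -1;
    memset(name, 'A', len);
    name[len] = '\0';
    return path_fits(name) ? copy_path_checked(buf, sizeof buf, name) : -1;
}
```

A 259-character name is the longest that passes the guard; 260 characters, exactly MAX_PATH, already fails because the terminator would not fit.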


