Vulnerability Development mailing list archives

Re: Administrivia: List Announcement


From: Shafik Yaghmour <subs () shafik net>
Date: Tue, 13 May 2003 15:21:50 -0400 (EDT)

On 13 May 2003, xenophi1e wrote:

We'll kick this off with the first challenge, which was devised by Aaron
Adams:

       strncpy(buf2, p2, SIZE);

Off-by-one. Third arg should be SIZE-1 to leave room for the terminating
NULL. This error should lead to a heap-based vulnerability when the
memory is free()d.

        You are assuming there is a terminating NULL; there may not be.
Although in this example it does not make a difference, in a real-world
program it would probably be bad.

Take care

-- 
Those who dream by day are cognizant of many things which escape those who
dream only by night. -Edgar Allan Poe
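
The point made in this exchange, as an added example that is not part of the original posts or of the challenge code: strncpy() writes a terminator only when the source is shorter than the count, so passing SIZE-1 is safe only if the last byte of the destination already happens to be zero. The value of SIZE, the 'X' fill that stands in for non-zeroed memory, the input string and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define SIZE 8   /* constructed value; the challenge's SIZE is not shown on the page */

/* Returns 1 if buf[0..SIZE-1] holds a terminator. memchr() is bounded by
   SIZE, so the check itself never reads past the buffer. */
static int is_terminated(const char *buf) {
    return memchr(buf, '\0', SIZE) != NULL;
}

/* The call as quoted in the thread: the count equals the buffer size. */
static int copy_full_size(const char *src) {
    char buf[SIZE];
    memset(buf, 'X', SIZE);          /* stand-in for memory that was not zeroed */
    strncpy(buf, src, SIZE);
    return is_terminated(buf);
}

/* SIZE-1 alone: leaves room for a terminator but does not write one. */
static int copy_size_minus_one(const char *src) {
    char buf[SIZE];
    memset(buf, 'X', SIZE);
    strncpy(buf, src, SIZE - 1);
    return is_terminated(buf);
}

/* SIZE-1 plus an explicit terminator: holds for any source length. */
static int copy_explicit_nul(const char *src) {
    char buf[SIZE];
    memset(buf, 'X', SIZE);
    strncpy(buf, src, SIZE - 1);
    buf[SIZE - 1] = '\0';
    return is_terminated(buf);
}

int main(void) {
    const char *long_src = "AAAAAAAAAAAAAAAA";   /* constructed, longer than SIZE */
    printf("count=SIZE,   long source: terminated=%d\n", copy_full_size(long_src));
    printf("count=SIZE-1, long source: terminated=%d\n", copy_size_minus_one(long_src));
    printf("SIZE-1 + NUL, long source: terminated=%d\n", copy_explicit_nul(long_src));
    printf("count=SIZE,  short source: terminated=%d\n", copy_full_size("abc"));
    return 0;
}
```

With a zero-filled destination (for example one obtained from calloc()), the SIZE-1 variant would report a terminator, which is the situation where the distinction makes no difference.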