Vulnerability Development mailing list archives

Re: Administrivia: List Announcement


From: Wynn Fenwick <wynn.fenwick () cgi com>
Date: Tue, 13 May 2003 16:43:56 -0400

Xeno nailed that one but here's something I wondered...

The program uses malloc() then iterates through each memory location, 
assuming that malloc() would give them a contiguous block of memory.

       for (i = 0; i <= SIZE && p1[i] != '\0'; i++)
               buf1[i] = p1[i];

I believe there is an (incorrect) assumption that the memory returned 
by malloc() on Win32 is contiguous, unlike some UNIX boxen? Is there a 
neato non-portability vulnerability created by iterating through the 
string elements this way? Or is it only vulnerable if you do something 
like this:

  char* p;
  p = &buf1;
  while (*p != '\0') buf1[i++] = *p++; 


Wow... I haven't written C in a long time... I hope I don't embarrass 
myself... 

W
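
Added example, not part of the original post or of the program it discusses: the quoted loop bound checked against a guard byte. Assumptions: `SIZE` is 8 and `buf1` holds `SIZE` bytes (the page gives neither), and `CANARY`, `copy_as_posted`, `copy_bounded` and `canary_clobbered` are hypothetical names. C defines a block returned by `malloc()` as a contiguous run of bytes on every platform, so indexing `buf1[i]` is portable; what the example measures is the `i <= SIZE` bound.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SIZE 8          /* assumed: the page does not give SIZE's value */
#define CANARY 0x5A     /* constructed marker byte placed just past the buffer */

/* The loop as posted: the bound is i <= SIZE, so up to SIZE + 1 bytes are
 * written and no terminating NUL is stored. Returns bytes written. */
static size_t copy_as_posted(char *buf1, const char *p1)
{
    size_t i;
    for (i = 0; i <= SIZE && p1[i] != '\0'; i++)
        buf1[i] = p1[i];
    return i;
}

/* Bounded form: at most SIZE - 1 bytes plus a NUL, never touching buf1[SIZE]. */
static size_t copy_bounded(char *buf1, const char *p1)
{
    size_t i;
    for (i = 0; i < SIZE - 1 && p1[i] != '\0'; i++)
        buf1[i] = p1[i];
    buf1[i] = '\0';
    return i;
}

/* Copies into a malloc()ed block of SIZE + 1 bytes; the extra byte stands in
 * for whatever follows a SIZE-byte buffer. 1 = overwritten, 0 = intact. */
static int canary_clobbered(size_t (*copy)(char *, const char *), const char *src)
{
    char *block = malloc(SIZE + 1);
    int hit;
    if (block == NULL) return -1;   /* allocation failure */
    memset(block, 0, SIZE);
    block[SIZE] = CANARY;
    copy(block, src);
    hit = ((unsigned char)block[SIZE] != CANARY);
    free(block);
    return hit;
}

int main(void)
{
    const char *long_input = "AAAAAAAAAAAAAAAA";  /* constructed, 16 bytes */
    printf("posted loop  : %d\n", canary_clobbered(copy_as_posted, long_input));
    printf("bounded loop : %d\n", canary_clobbered(copy_bounded, long_input));
    return 0;
}
```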

