Vulnerability Development mailing list archives

Re: [Format String vulnerabilities]

From: Frank Knobbe <frank () knobbe us>
Date: Fri, 28 May 2004 11:41:20 -0500

On Sat, 2004-05-22 at 07:48, auto198368 () hushmail com wrote:

(taken from NN-formats.txt [NOP Ninjas - Format String Technique])
fmt1.c ----------------------------------------------------

int main(int argc, char *argv[]) {
  char buf[1024];

  strncpy(buf, argv[1], sizeof(buf));
  printf(argv[1]);          
  printf("\n");
}
------------------------------------------------------------



It's funny that examples of certain vulnerabilities even include
unintended other vulnerabilities, such as the potentially unterminated
buffer above.

-Frank

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

[Format String vulnerabilities] auto198368 (May 22)
- Re: [Format String vulnerabilities] Frank Knobbe (May 29)
- Re: [Format String vulnerabilities] Gerardo Richarte (May 29)
  - RE: [Format String vulnerabilities] Chris Eagle (May 29)
- <Possible follow-ups>
- Re: [Format String vulnerabilities] DownBload (May 23)