Vulnerability Development mailing list archives
Re: [Format String vulnerabilities]
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 28 May 2004 11:41:20 -0500
On Sat, 2004-05-22 at 07:48, auto198368 () hushmail com wrote:
(taken from NN-formats.txt [NOP Ninjas - Format String Technique]) fmt1.c ---------------------------------------------------- int main(int argc, char *argv[]) { char buf[1024]; strncpy(buf, argv[1], sizeof(buf)); printf(argv[1]); printf("\n"); } ------------------------------------------------------------
It's funny that examples of certain vulnerabilities even include unintended other vulnerabilities, such as the potentially unterminated buffer above. -Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- [Format String vulnerabilities] auto198368 (May 22)
- Re: [Format String vulnerabilities] Frank Knobbe (May 29)
- Re: [Format String vulnerabilities] Gerardo Richarte (May 29)
- RE: [Format String vulnerabilities] Chris Eagle (May 29)
- <Possible follow-ups>
- Re: [Format String vulnerabilities] DownBload (May 23)