How To Identify Buffer Underwrite Vulnerabilities

From Guidance Share

(Difference between revisions)
Jump to: navigation, search
Revision as of 03:43, 30 October 2006 (edit)
Admin (Talk | contribs)

← Previous diff
Current revision (21:02, 1 December 2007) (edit)
JD (Talk | contribs)

 
Line 6: Line 6:
} }
If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition. If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition.
 +
 +[[Category: How To]]

Current revision

The following is an example of code that may result in a buffer underwrite, should find() returns a negative value to indicate that ch is not found in srcBuf:

int main() {
... 
strncpy(destBuf, &srcBuf[find(srcBuf, ch)], 1024);
...
} 

If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition.

Personal tools