How To Identify Heap Overflow Vulnerabilities

From Guidance Share

Revision as of 21:02, 1 December 2007; JD (Talk | contribs)
(diff) ←Older revision | Current revision | Newer revision→ (diff)
Jump to: navigation, search

There are many real-world Examples of buffer overflows, including many popular “industrial” applications, such as E-mail servers (Sendmail) and web servers (Microsoft IIS Server). In code, here is a simple example:

#define BUFSIZE 256
int main(int argc, char **argv) {
char *buf;
buf = (char *)malloc(BUFSIZE);
strcpy(buf, argv[1]);
}

Since argv[1] can be of any length, more than 256 characters can be copied into the variable buf.

Personal tools