How To Identify Buffer Underwrite Vulnerabilities

From Guidance Share
Revision as of 21:02, 1 December 2007 by JD

The following is an example of code that may result in a buffer underwrite if find() returns a negative value to indicate that ch is not found in srcBuf:

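int main() {
    /* ... destBuf, srcBuf and ch are set up here ... */
    /* A negative return from find() makes &srcBuf[...] point before the start of srcBuf. */
    strncpy(destBuf, &srcBuf[find(srcBuf, ch)], 1024);
    /* ... */
}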

If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition.
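
A hardened form of the call above, added here as an example and not part of the original page: the index is range-checked before it is ever used to form a pointer. The find() body, the copy_from_index() and copy_from_char() helpers, the error codes and the sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { COPY_OK = 0, COPY_BAD_INDEX = -1, COPY_TOO_SMALL = -2 };

/* Hypothetical stand-in for the page's find(): index of the first ch in buf,
 * or -1 when ch is absent. */
static int find(const char *buf, char ch) {
    const char *p = strchr(buf, ch);
    return p ? (int)(p - buf) : -1;
}

/* Copy src[idx..] into dest only after proving idx lies inside src.
 * idx is signed so that a negative "not found" value or an untrusted
 * offset is rejected instead of being turned into a pointer. */
static int copy_from_index(char *dest, size_t dest_size,
                           const char *src, long idx) {
    size_t src_len = strlen(src);
    if (dest_size == 0)
        return COPY_TOO_SMALL;
    dest[0] = '\0';                       /* defined result on every error path */
    if (idx < 0 || (size_t)idx > src_len)
        return COPY_BAD_INDEX;            /* would point before or past src */
    size_t n = src_len - (size_t)idx;     /* bytes to copy, excluding the NUL */
    if (n >= dest_size)
        return COPY_TOO_SMALL;            /* refuse rather than truncate silently */
    memcpy(dest, src + idx, n + 1);       /* n + 1 includes the terminator */
    return COPY_OK;
}

/* The page's call, with the return value of find() checked first. */
static int copy_from_char(char *dest, size_t dest_size,
                          const char *src, char ch) {
    return copy_from_index(dest, dest_size, src, find(src, ch));
}

int main(void) {
    char destBuf[1024];
    const char *srcBuf = "user=alice";    /* constructed sample input */
    printf("%d\n", copy_from_char(destBuf, sizeof destBuf, srcBuf, '=')); /* found */
    printf("%d\n", copy_from_char(destBuf, sizeof destBuf, srcBuf, '#')); /* absent */
    return 0;
}
```

The same copy_from_index() check applies when the index comes from outside the program rather than from find(), which is the case the last sentence above describes.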