How To Identify Stack Overflow Vulnerabilities

From Guidance Share
Revision as of 21:01, 1 December 2007 by JD (talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to navigationJump to search

DELETE PAGE; REPLACED WITH -- How To Recognize Stack Overflow Vulnerabilities


There are many real-world Examples of buffer overflows, including many popular “industrial” applications, such as E-mail servers (Sendmail) and web servers (Microsoft IIS Server). In code, here is a simple example: 

#define BUFSIZE 256
int main(int argc, char **argv) {
char buf[BUFSIZE];
strcpy(buf, argv[1]);
}

Since argv[1] can be of any length, more than 256 characters can be copied into the variable buf.