Re: SIGSEGV, where are you?

From: Michał Pasternak (docat_private)
Date: Tue Feb 12 2002 - 14:43:38 PST


    Gerardo Richarte [Tue, Feb 12, 2002 at 07:18:28PM -0300]:
    > Claes Nyberg wrote:
    > 
    > > $ cat test.c
    > > int main(int argc,char *argv[]) {
    > >     char buf[256];
    > >
    > >         strcpy(buf,argv[1]);
    > >         exit(1);
    > > }
    > PS: Anyway, don't always believe what everybody said... there are situations where it is
    > exploitable... different platforms, different architectures maybe. And I've seen really
    > creative answers to the problem too
    
    This is kinda tricky for beginners:
    
      char *string = "Test string";
      char *buf = (char *)malloc(strlen(string));
      strcpy(buf, string);
      puts(buf);
      
    On FreeBSD it worked, but sometimes the output contained some random chars
    at the end of the string. Simply, strlen() returns length of string without
    the null byte. But - when I compiled the code with mingw32 and ran it on
    Windows, it refused to work (no output, just a window about application and
    invalid operation).
    
    -- 
    ::( Michał Pasternak 
    ::( http://lublin.t1.pl 
    ::( +48606570000
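
Added example, not part of the original post: the malloc(strlen(string)) allocation from the message above, instrumented so the terminating '\0' that strcpy() writes past the requested size can be counted without leaving owned memory. The guard-byte scheme and the names guard_bytes_clobbered and dup_string are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD  8       /* spare bytes placed after the "requested" size */
#define CANARY 0xAA    /* constructed marker value for the guard bytes */

/* Copy src into a buffer the caller believes is `want` bytes long. The real
 * allocation is want + GUARD, so any overrun stays inside memory we own.
 * Returns the number of guard bytes overwritten, or -1 if the copy would not
 * fit even with the guard, or if malloc() failed. */
int guard_bytes_clobbered(const char *src, size_t want)
{
    size_t need = strlen(src) + 1;          /* strcpy() also writes the '\0' */
    if (need > want + GUARD)
        return -1;
    unsigned char *raw = malloc(want + GUARD);
    if (raw == NULL)
        return -1;
    memset(raw + want, CANARY, GUARD);
    strcpy((char *)raw, src);
    int hit = 0;
    for (size_t i = 0; i < GUARD; i++)
        if (raw[want + i] != CANARY)
            hit++;
    free(raw);
    return hit;
}

/* Corrected allocation: strlen() + 1 leaves room for the terminator. */
char *dup_string(const char *src)
{
    size_t need = strlen(src) + 1;
    char *buf = malloc(need);
    if (buf != NULL)
        memcpy(buf, src, need);
    return buf;
}

int main(void)
{
    const char *string = "Test string";
    size_t n = strlen(string);
    printf("malloc(strlen):     %d past end\n", guard_bytes_clobbered(string, n));
    printf("malloc(strlen + 1): %d past end\n", guard_bytes_clobbered(string, n + 1));
    char *ok = dup_string(string);
    if (ok != NULL) { puts(ok); free(ok); }
    return 0;
}
```

What the single out-of-bounds byte lands on depends on the allocator's rounding and metadata layout, which is why the same source can behave differently from one platform to another.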
    



    This archive was generated by hypermail 2b30 : Tue Feb 12 2002 - 15:02:10 PST