Not sure if this helps .... I was trying to come up with a scenario that
passed user input to a buffer but the compiler kept barking at me so
this is the best I can do.
[root@qa5 root]# cat test.java
class test
{
public static void main(String args[])
{
String[] test = new String[4];
test[0] = "A";
test[1] = "A";
test[2] = "A";
test[3] = "A";
test[4] = "A";
test[5] = "A";
test[6] = "A";
}
}
[root@rcmqa5 root]# javac test.java
[root@rcmqa5 root]# java test
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 4
at test.main(test.java:11)
-KF
Felix Harris wrote:
>>I was wondering if code written in JAVA(or .NET) is vulnerable to buffer overflows.
>>If yes,what are the differences in the proccess of exploiting?
>>Any online source?
>>
>
>
>well afaik one of the main reasons for creating Java was to make it
>a safe language, as there is no complications between pointers
>and buffers. Buffers are also lengthchecked, and pointers dont
>really have the required scope to be exploited. If there was an
>exploit for a java program, it would probably exist as a bug in the
>virtual machine, or in a call to a c/c++ program/library. IIRC, there
>was something about zlib being exploitable?
>--
>Felix Harris
>felixat_private
>I say goodbye and raindrops taste like tears
>In the pouring rain I stand and die alone
>
>
This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 09:31:46 PDT