Not sure if this helps .... I was trying to come up with a scenario that passed user input to a buffer but the compiler kept barking at me so this is the best I can do. [root@qa5 root]# cat test.java class test { public static void main(String args[]) { String[] test = new String[4]; test[0] = "A"; test[1] = "A"; test[2] = "A"; test[3] = "A"; test[4] = "A"; test[5] = "A"; test[6] = "A"; } } [root@rcmqa5 root]# javac test.java [root@rcmqa5 root]# java test Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 4 at test.main(test.java:11) -KF Felix Harris wrote: >>I was wondering if code written in JAVA(or .NET) is vulnerable to buffer overflows. >>If yes,what are the differences in the proccess of exploiting? >>Any online source? >> > > >well afaik one of the main reasons for creating Java was to make it >a safe language, as there is no complications between pointers >and buffers. Buffers are also lengthchecked, and pointers dont >really have the required scope to be exploited. If there was an >exploit for a java program, it would probably exist as a bug in the >virtual machine, or in a call to a c/c++ program/library. IIRC, there >was something about zlib being exploitable? >-- >Felix Harris >felixat_private >I say goodbye and raindrops taste like tears >In the pouring rain I stand and die alone > >
This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 09:31:46 PDT