Re: Administrivia: List Announcement

From: Shafik Yaghmour (subsat_private)
Date: Tue May 13 2003 - 12:21:50 PDT

Next message: Gustavo Scotti: "RE: Administrivia: List Announcement"

Previous message: Mr. Rufus Faloofus: "Re: Administrivia: List Announcement"
In reply to: xenophi1e: "Re: Administrivia: List Announcement"
Next in thread: Gustavo Scotti: "RE: Administrivia: List Announcement"
Next in thread: David Riley: "Re: Administrivia: List Announcement"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 13 May 2003, xenophi1e wrote:

> >We'll kick this off with the first challenge, which was devised by Aaron
> >Adams:
> >
> >        strncpy(buf2, p2, SIZE);
> 
> Off-by-one. Third arg should be SIZE-1 to leave room for the terminating 
> NULL. This error should lead to a heap based vulnerability when the 
> memory is free()d.

	You are assuming there is a terminating NULL, there may not be. 
Although in this example it does not make a difference, but in a real 
world program it would probably be bad.

Take care

-- 
Those who dream by day are cognizant of many things which escape those who
dream only by night. -Edgar Allan Poe

Next message: Gustavo Scotti: "RE: Administrivia: List Announcement"
Previous message: Mr. Rufus Faloofus: "Re: Administrivia: List Announcement"
In reply to: xenophi1e: "Re: Administrivia: List Announcement"
Next in thread: Gustavo Scotti: "RE: Administrivia: List Announcement"
Next in thread: David Riley: "Re: Administrivia: List Announcement"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 13 2003 - 15:20:44 PDT