On 13 May 2003, xenophi1e wrote:

> >We'll kick this off with the first challenge, which was devised by Aaron
> >Adams:
> >
> >    strncpy(buf2, p2, SIZE);
>
> Off-by-one. Third arg should be SIZE-1 to leave room for the terminating
> NULL. This error should lead to a heap based vulnerability when the
> memory is free()d.

You are assuming there is a terminating NULL; there may not be. In this
example it does not make a difference, but in a real-world program it would
probably be bad.

Take care

--
Those who dream by day are cognizant of many things which escape those who
dream only by night.
    -Edgar Allan Poe

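
An added example, not part of the original thread: it shows when the quoted strncpy() call leaves the destination without a terminator, next to a bounded copy that always terminates and reports truncation. The value of SIZE and the function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define SIZE 8 /* assumed value; the thread does not say what SIZE is */

/* 1 if a NUL byte exists within the first size bytes of buf, else 0. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* The call from the challenge. strncpy() writes at most SIZE bytes and
 * adds a NUL only if the source is shorter than SIZE. */
static int copy_as_posted(char *dst, const char *src)
{
    memset(dst, 'X', SIZE); /* stand-in for stale heap contents */
    strncpy(dst, src, SIZE);
    return is_terminated(dst, SIZE);
}

/* Bounded form: copy at most size-1 bytes, always terminate, and report
 * truncation (-1) so the caller can reject the input. */
static int copy_bounded(char *dst, size_t size, const char *src)
{
    if (size == 0)
        return -1;
    strncpy(dst, src, size - 1);
    dst[size - 1] = '\0';
    /* memchr stops at the first NUL, so it never reads past src's end */
    return memchr(src, '\0', size) ? 0 : -1;
}

int main(void)
{
    char buf[SIZE];
    printf("posted, 5-char source:  terminated=%d\n", copy_as_posted(buf, "short"));
    printf("posted, 8-char source:  terminated=%d\n", copy_as_posted(buf, "12345678"));
    printf("bounded, 8-char source: rc=%d buf=\"%s\"\n",
           copy_bounded(buf, SIZE, "12345678"), buf);
    return 0;
}
```
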
This archive was generated by hypermail 2b30 : Tue May 13 2003 - 15:20:44 PDT