[Vuln-dev Challenge] Challenge #2

From: Dave McKinney (dmat_private)
Date: Fri May 23 2003 - 15:13:44 PDT

    We are announcing the second challenge.  Initially, we wanted to have this
    out a few days ago but were involved in testing it on multiple platforms.
    This challenge is a little easier than the first one, since we'd like to
    see more people attempting to produce a proof-of-concept.  If you find it
    too easy, you're welcome to attempt it in an environment with a
    non-executable stack/heap to raise the bar a little.
    
    Here's a link to the basic guidelines (for those who missed it):
    
    http://www.securityfocus.com/archive/82/321615/2003-05-13/2003-05-19/0
    
    (Also, please retain the [Vuln-dev Challenge] string in the subject line
    for replies to make for easier filtering for those not interested in
    challenge-related discussion.)
    
    ---
    
    /* vulndev2.c */
    
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    
    #define BFSIZE 90
    
    int
    main(int argc, char *argv[])
    {
            char    *bfp;
            char    buf[BFSIZE];
            FILE    *f1;
    
            if (argc != 3)
                    return 1;
            if ( (bfp = malloc(BFSIZE)) == NULL)
                    return 1;
    
            /* log input */
            if ( (f1 = fopen("db.log", "a+")) == NULL)
                    return 1;
            fprintf(f1, ";;%s;;", argv[2]);
            fclose(f1);
    
            strcpy(buf, argv[1]);
    
            /* read log */
            if ( (f1 = fopen("db.log", "r")) == NULL)
                    return 1;
            if (fgets(bfp, BFSIZE, f1) == NULL)
                    return 1;
    
            printf("%s\n", bfp);
            fclose(f1);
            exit(1);
    }
    
    ---
    
    Dave McKinney
    Symantec
    
    keyID: BF919DD7
    key fingerprint = 494D 6B7D 4611 7A7A 5DBB  3B29 4D89 3A70 BF91 9DD7
    


