Re: Administrivia: List Announcement
From: Shafik Yaghmour (subs_at_shafik.net)
Date: 05/13/03
- Previous message: Mr. Rufus Faloofus: "Re: Administrivia: List Announcement"
- In reply to: xenophi1e: "Re: Administrivia: List Announcement"
- Next in thread: Oliver Lavery: "RE: Administrivia: List Announcement"
- Reply: Oliver Lavery: "RE: Administrivia: List Announcement"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 13 May 2003 15:21:50 -0400 (EDT) To: xenophi1e <oliver.lavery@sympatico.ca>
On 13 May 2003, xenophi1e wrote:
> >We'll kick this off with the first challenge, which was devised by Aaron
> >Adams:
> >
> > strncpy(buf2, p2, SIZE);
>
> Off-by-one. Third arg should be SIZE-1 to leave room for the terminating
> NULL. This error should lead to a heap based vulnerability when the
> memory is free()d.
You are assuming there is a terminating NULL, there may not be.
Although in this example it does not make a difference, but in a real
world program it would probably be bad.
Take care
-- Those who dream by day are cognizant of many things which escape those who dream only by night. -Edgar Allan Poe
- Previous message: Mr. Rufus Faloofus: "Re: Administrivia: List Announcement"
- In reply to: xenophi1e: "Re: Administrivia: List Announcement"
- Next in thread: Oliver Lavery: "RE: Administrivia: List Announcement"
- Reply: Oliver Lavery: "RE: Administrivia: List Announcement"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
