vulnerabilities in this code chunk
- From: erk_3@xxxxxxxxxxx
- Date: 21 Jun 2007 22:41:04 -0000
I am trying to find all the vuln's in this code chunk, and the only thing I can come up with is a null pointer dereference. Assume data and data_len are user controlled.
Null pointer happens when passing in a negative number. I was looking hard at the memset functions but I couldn't come up with anything.
Anyone else see anything here?
char *copy_data(char *data, unsigned int data_len)
unsigned int header_size = 8;
if (!(buf = malloc(data_len + header_size)))
memcpy(buf, "HEADER: ", 8);
memcpy(buf + 8, data, data_len);
- Prev by Date: CFP: 3rd European Conference on Computer Network Defense (EC2ND) in Crete, Greece
- Next by Date: creating a "cc" opcode from ASCII shell code
- Previous by thread: CFP: 3rd European Conference on Computer Network Defense (EC2ND) in Crete, Greece
- Next by thread: Re: vulnerabilities in this code chunk