OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Vuln-Dev Archives: Re: Secure coding in C (was Re: Administrivi

Re: Secure coding in C (was Re: Administrivia #4883)

Subject: Re: Secure coding in C (was Re: Administrivia #4883)
From: Valery Dachev (valeryLINUX.HOME.BG)
Date: Mon Jan 17 2000 - 03:25:20 CST

On Sun, 16 Jan 2000, spin0ff wrote:
> both strlen call will return when they encounter a \0, implying that after
> the third line, len will be long enough to hold a, b and the garbage
> following both a and b. c will be large enough to hold all of this.

Lucky you ! You have encountered the \0 symbol after your buffer and
before the end of the segment. Take a look at the situation where the \0
symbol is not there. Your program can explode with "Segmentation
fault" (or "Segmentation violation" in Windows). There's a simple example
in the attachment.
Bye.

..........................................................................
:Name : Valery Dachev :Organization: Linux Society of Bulgaria :
:E-Mail : valerylinux.home.bg :E-Mail : infolinux.home.bg :
:Homepage: --- none --- :Homepage : http://linux.home.bg :
:........:......................:............:...........................:

This archive was generated by hypermail 2b27 : Mon Jan 17 2000 - 09:57:55 CST