OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Vuln-Dev Archives: Re: Secure coding in C (was Re: Administrivi

Re: Secure coding in C (was Re: Administrivia #4883)

Subject: Re: Secure coding in C (was Re: Administrivia #4883)
From: Valery Dachev (valeryLINUX.HOME.BG)
Date: Mon Jan 17 2000 - 15:00:15 CST

On Mon, 17 Jan 2000, Vladimir Dubrovin wrote:

> Hello Valery Dachev,
>
> 17.01.00 12:25, you wrote: Secure coding in C (was Re: Administrivia #4883);
>
> V> Lucky you ! You have encountered the \0 symbol after your buffer and
> V> before the end of the segment. Take a look at the situation where the \0
> V> symbol is not there. Your program can explode with "Segmentation
> V> fault" (or "Segmentation violation" in Windows). There's a simple example
> V> in the attachment.
> V> Bye.
> Your example will fail regardless '\0' because there is no bounds
> checking for array at all.
This is what I want to demonstrate to Mr.spin0ff ;) This example shows
that when no bound checking, accessing memory address can cause such
errors ;)))

..........................................................................
:Name : Valery Dachev :Organization: Linux Society of Bulgaria :
:E-Mail : valerylinux.home.bg :E-Mail : infolinux.home.bg :
:Homepage: --- none --- :Homepage : http://linux.home.bg :
:........:......................:............:...........................:

This archive was generated by hypermail 2b27 : Tue Jan 18 2000 - 00:07:16 CST