|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Format String vulnerabilities]
From: Frank Knobbe (frank
knobbe.us)
Date: Fri May 28 2004 - 11:41:20 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, 2004-05-22 at 07:48, auto198368hushmail.com wrote:
> (taken from NN-formats.txt [NOP Ninjas - Format String Technique])
> fmt1.c ----------------------------------------------------
>
> int main(int argc, char *argv[]) {
> char buf[1024];
>
> strncpy(buf, argv[1], sizeof(buf));
> printf(argv[1]);
> printf("\n");
> }
> ------------------------------------------------------------
It's funny that examples of certain vulnerabilities even include
unintended other vulnerabilities, such as the potentially unterminated
buffer above.
-Frank
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQBAt2uwJjGc5ftAw8wRAmfcAJ9AGJoahNhFxYhaCXJrNpG1dU2Z0wCfdc9c
559zJv7wo91J2IEZboW1dVs=
=PmrO
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]