|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
vulnerabilities in this code chunk
erk_3
hotmail.com
Date: Thu Jun 21 2007 - 17:41:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Heylo,
I am trying to find all the vuln's in this code chunk, and the only thing I can come up with is a null pointer dereference. Assume data and data_len are user controlled.
Null pointer happens when passing in a negative number. I was looking hard at the memset functions but I couldn't come up with anything.
Anyone else see anything here?
Thanks!
char *copy_data(char *data, unsigned int data_len)
{
unsigned int header_size = 8;
char *buf;
if (!(buf = malloc(data_len + header_size)))
{
return NULL;
}
memcpy(buf, "HEADER: ", 8);
memcpy(buf + 8, data, data_len);
return buf;
}
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]