
Re: Administrivia: List Announcement

From: xenophi1e <oliver.lavery(at)sympatico.ca>
Date: Tue May 13 2003 - 13:06:32 EDT
In-Reply-To: <Pine.LNX.4.55.0305131019280.11354@mail.securityfocus.com>

This is a very good idea. This mailing list is a good resource, but it could be a little more 'fun'...

I'll take a whack.

>
>We'll kick this off with the first challenge, which was devised by Aaron

Off-by-one. Third arg should be SIZE-1 to leave room for the terminating NULL. This error should lead to a heap-based vulnerability when the memory is free()d.

> for (i = 0; i <= SIZE && p1[i] != '\0'; i++)

Condition should be < SIZE. <= SIZE leads to the same vuln as above. This is also a shabby way to copy a string on architectures with a bigger word size than 8 bits. The number of ops can be reduced by copying through a 32-bit register and then using 8 bits for the remaining < 4 bytes.

Cheers,
~ol

Received on Tue May 13 15:30:17 2003
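Added example, not part of the original post or of the challenge code: the quoted loop condition next to the `< SIZE` condition the reply proposes, each run against a logical SIZE-byte buffer with a guard byte at index SIZE. The byte-copy loop body, the value of SIZE, the terminated variant and all function names are assumptions, since the challenge source is not shown on this page.

```c
#include <stdio.h>
#include <string.h>
#define SIZE  8      /* constructed; the challenge's SIZE is not on this page */
#define GUARD 0x5A   /* marker placed one byte past the logical buffer */

/* Condition as quoted in the post; the byte-copy body is an assumption. */
static size_t copy_quoted(char *dst, const char *src)
{
    size_t i;
    for (i = 0; i <= SIZE && src[i] != '\0'; i++)
        dst[i] = src[i];
    return i;                      /* bytes written */
}

/* Condition the reply proposes: never writes index SIZE. */
static size_t copy_lt_size(char *dst, const char *src)
{
    size_t i;
    for (i = 0; i < SIZE && src[i] != '\0'; i++)
        dst[i] = src[i];
    return i;
}

/* Variant that also reserves the last byte for the terminator. */
static size_t copy_terminated(char *dst, const char *src)
{
    size_t i;
    for (i = 0; i < SIZE - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return i + 1;
}

/* Backing store is SIZE+1 bytes so an overrun hits the guard, not the heap; returns 1 if the guard survived. */
static int guard_intact(size_t (*copy)(char *, const char *), const char *src)
{
    char backing[SIZE + 1];
    memset(backing, GUARD, sizeof backing);
    copy(backing, src);
    return (unsigned char)backing[SIZE] == GUARD;
}

int main(void)
{
    const char *long_in = "AAAAAAAAAAAA";   /* constructed, 12 bytes > SIZE */
    printf("quoted:     %d\n", guard_intact(copy_quoted, long_in));
    printf("< SIZE:     %d\n", guard_intact(copy_lt_size, long_in));
    printf("terminated: %d\n", guard_intact(copy_terminated, long_in));
}
```

The guard is only overwritten when the source holds more than SIZE non-NUL bytes, which is why short test inputs do not reveal this kind of bug.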

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:39 EDT
