Re: Administrivia: List Announcement

On 13 May 2003 at 10:25, Dave McKinney wrote:

> ... The basic idea is that people are presented with a

> We'll kick this off with the first challenge, which was devised by Aaron

I have to confess that I've not done hardly any C programming in a LOT of years, but there's at least one obvious problem in this little program:

> char *buf1 = malloc(SIZE);
>
> for (i = 0; i <= SIZE && p1[i] != '\0'; i++)

                      ^^^^^^^^^


>                 buf1[i] = p1[i];

that's clearly off by one and so the loop will run at least one char past the end of buf1, clobbering one byte beyond the end of the chunk of space that got malloc'ed for buf1.

What harm that causes is hard to evaluate, though, isn't it? Doesn't it depend a lot on how a particular C compiler lays things out and how the libraries (in particular, malloc) work and what else the program has been doing?

  /Bernie\

-- 
Bernie Cosell                     Fantasy Farm Fibers
mailto:bernie@fantasyfarm.com     Pearisburg, VA
    -->  Too many people, too few sheep  <--       

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek