Hosting Provided By

Re: Administrivia: List Announcement

From: Wojciech Purczynski <cliph(at)isec.pl>
Date: Wed May 14 2003 - 08:12:54 EDT

> > for (i = 0; i <= SIZE && p1[i] != '\0'; i++)

You missed an off-by-one bug.

In case of malloc failure you'll get NULL-pointer dereference at strncpy() or for-loop. No overflows, no double free bugs at all (assuming you have no memory pages mapped at 0x0 ;) )

Cheers,
wp

-- 
Wojciech Purczynski
iSEC Security Research
http://isec.pl/

Received on Wed May 14 11:36:34 2003

This message: [ Message body ]
Next message: Frank Knobbe: "Re: Buffer overflow in Microsoft ftp.exe"
Previous message: Cameron Brown: "RE: vulndev1.c solution (warning SPOILER)"
In reply to Brian Hatch: "Re: Administrivia: List Announcement"
Next in thread: Luciano Miguel Ferreira Rocha: "Re: Administrivia: List Announcement"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:39 EDT