Re: protection against buffer overflows
hi ya ralf

i would have thought that gcc would barf on b[20]='X'
and similarly for the other variable assignments since it's not prev
allocated/defined.. and yet explicitly assigned (incorrectly??)...

it's a lot harder to control when the coder does
strcpy or readln() without first checking the length of the variables

C-code-checkers
http://www.Linux-Sec.net/Audit/#Code

have fun linuxing
alvin

On Thu, 24 Jan 2002, Ralf Dreibrodt wrote:
> hi,
>
> > anyone to offer any
> > explanation will be showered with greatness!
>
> here is an example:
>
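> #include <stdio.h>
> #include <string.h>   /* strcpy */
>
> void example()
> {
>     char a[10];
>     char b[10];
>     strcpy(a, "123456789");
>     printf ("a: %s\n", a);
>     /* valid indexes of b are 0..9; these writes land outside b */
>     b[20]='X';
>     b[21]='Y';
>     b[22]='Z';
>     printf("a: %s\n", a);
>     return;
> }
>
> int main(void)
> {
>     example();
>     return 0;
> }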
>
> debian:/tmp# ./example
> a: 123456789
> a: 12345678XYZ¿|ýÿ¿?0
>
> now imagine you receive the numbers 20, 21 and 22 and letters X, Y and Z
> from user input.
>
> bye
> Ralf
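
The two cases raised in this thread (an index taken from input, and a copy made without checking the length first), written with explicit bounds checks. This is an added example, not code from either poster; the helper names `checked_store`, `bounded_copy` and `replay_example` are hypothetical, and the index/letter pairs are constructed stand-ins for user input.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Store ch at buf[idx] only when idx is inside the buffer.
 * Returns 0 on success, -1 when the index is rejected. */
static int checked_store(char *buf, size_t buflen, long idx, char ch)
{
    if (buf == NULL || idx < 0 || (size_t)idx >= buflen)
        return -1;
    buf[idx] = ch;
    return 0;
}

/* Copy src into dst only when it fits, terminating NUL included.
 * Returns 0 on success, -1 when the copy would overflow dst. */
static int bounded_copy(char *dst, size_t dstlen, const char *src)
{
    size_t n;
    if (dst == NULL || src == NULL || dstlen == 0)
        return -1;
    n = strlen(src);
    if (n >= dstlen)
        return -1;              /* refuse instead of writing past dst */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Replays the writes from the quoted example through the checks.
 * Copies the final contents of a into a_out; returns rejected writes. */
static int replay_example(char *a_out, size_t a_len)
{
    char a[10];
    char b[10] = {0};
    const long idx[] = {20, 21, 22, 3};       /* constructed "user input" */
    const char val[] = {'X', 'Y', 'Z', 'Q'};
    int rejected = 0;
    size_t i;

    bounded_copy(a, sizeof a, "123456789");   /* 9 chars + NUL fits in 10 */
    for (i = 0; i < sizeof idx / sizeof idx[0]; i++)
        if (checked_store(b, sizeof b, idx[i], val[i]) != 0)
            rejected++;
    bounded_copy(a_out, a_len, a);
    return rejected;
}

int main(void)
{
    char a[10];
    int rejected = replay_example(a, sizeof a);
    printf("a: %s (rejected %d out-of-range writes)\n", a, rejected);
    return 0;
}
```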