Home page logo
/

basics logo Security Basics mailing list archives

Re: Integer & Heap overflows?
From: jnf <lists () nosec net>
Date: Thu, 16 Dec 2004 17:38:15 -0700 (MST)

just a few remarks inline.

The book "Hacking: Art of Exploitation" (ISBN: 1593270070) goes into heap
overflows, including an example of how to create a root account using a simple
one.  He also describes shellcode, stack overflows, and format string
vulnerabilities, among many other things.  Definately a very good read, highly
recommended.

This book and the shellcoders handbook are both decent, and both have many
errors in the text, and indeed the art of exploitation misses quite a bit
about heap overflows.


If you want a quick definition of Heap overflows, all it means is that you
read or write past the end of allocated memory into another piece of allocated
memory, belonging to a different variable.  That's all it is.

so would:

char buf[ 256 ] ;
char buf2[ 256 ] ;

int main( int argc , char **argv ) {
[ ... ]

be a heap overflow assuming you could overwrite one array into the other?
No. the heap is a specific part of memory, like that stack is a 'special'
part of memory.

jnf




Loptr Chaote wrote:

Hello!

I was wondering if anyone have good papers/websites lying around
describing how Integer overflows and Heap overflows (and also the
"off-by-one"[?] bug, if that is not the same as integer overflow).

I have found several good ones on stack smashing/regular buffer
overflows, but very little on the above mentioned.

Best regards
Loptr Chaote









  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault