Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Format String Vulnerabilities
From: andy.x.johnson () cummins com
Date: 18 May 2007 19:03:59 -0000

I can assume the string format function is using 'strcpy' to copy the format into a pointer.  The easiest solution is 
to rewrite the code to use the bounds checking version 'strncpy'.  This will keep the overflow from happening no matter 
where the pointer address is referenced on the stack.

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]