Vulnerability Development
mailing list archives
Re: static char overflow
From: SpaceWalker <spacewalker () altern org>
Date: Thu, 2 May 2002 17:08:53 +0200
The malloc algorithms are vulnerable to buffer overflow in most conditions, which I don't think I realised here:
after the overflow, you need a free or a malloc, which will try to optimise the heap, and will overwrite some location
in memory.
Your static char [] is located in the bss; this means it's in the heap, but before the malloc information;
if you don't have any malloc() before and no free() or malloc() afterwards, the things you overwrite will never cause a crash,
unless you don't go through the brk() zone.
There are a lot of articles on the net explaining buffer overflows in the heap, and two really good ones are in phrack
the-one-before-last; you can find it at www.phrack.com
Please correct me if I'm wrong
SpaceWalker
On Wed, 01 May 2002 22:14:10 +0200
melsa <3melsa3 () mail ru> wrote:
but what about the heap ?
----------------------------------------------------------
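#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    static char buf[1024];    /* uninitialised static storage: placed in .bss */
    strcpy(buf, argv[1]);     /* unbounded copy: overflows buf if argv[1] is 1024 bytes or longer */
    printf("%s", buf);
    return 0;
}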
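Added example, not part of the original thread: it prints where a static buffer like the one in the quoted program sits relative to the first malloc() chunk, and replaces the strcpy() with a length-checked copy. The names copy_checked and BUF_SIZE are hypothetical, and the comment about where small allocations land assumes a glibc-style allocator on Linux.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 1024            /* same size as buf in the quoted program */

static char buf[BUF_SIZE];       /* uninitialised static: placed in .bss */

/* Bounded replacement for strcpy(buf, argv[1]).
 * Returns 0 on success, -1 if src is NULL or does not fit.
 * On failure dst is left as an empty string, never partially filled. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    size_t n = strlen(src);
    if (n >= dstsz)              /* no room for the terminating NUL */
        return -1;
    memcpy(dst, src, n + 1);     /* copies the NUL as well */
    return 0;
}

int main(int argc, char **argv)
{
    /* Assumption: a small request like this is served from the brk heap,
     * which starts above the end of .bss on typical Linux/glibc builds. */
    char *chunk = malloc(16);
    if (chunk == NULL)
        return 1;
    printf("buf   (.bss): %p .. %p\n", (void *)buf, (void *)(buf + BUF_SIZE));
    printf("chunk (heap): %p\n", (void *)chunk);
    printf("gap         : %ld bytes\n",
           (long)((intptr_t)chunk - (intptr_t)(buf + BUF_SIZE)));
    free(chunk);

    if (copy_checked(buf, sizeof buf, argc > 1 ? argv[1] : NULL) != 0) {
        fprintf(stderr, "usage: %s <string shorter than %d bytes>\n",
                argv[0], BUF_SIZE);
        return 1;
    }
    printf("%s\n", buf);
    return 0;
}
```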