Vulnerability Development: Re: argc issue

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: argc issue

From: jlongs2 () uic edu
Date: Thu, 25 May 2006 15:28:00 -0500 (CDT)


On Tue, 23 May 2006, padre () correo ugr es wrote:

int main (int argc, char **argv)
{
char *a;
char *b;

a=malloc(char *)(100);
b=malloc(char *)(100);

if (argc)
   exit (-1);
else {
     strcpy(a,argv[1]);
     }

free (a);

return 0;
}

You're going to have to execve(2) that program from another program, inorder to control its argv/argc.


printargc.c:
int main(int argc, char **argv)
{
    printf("%d\n",argc);
}

execargc.c:
int main()
{
    char *av = 0;
    execve("./printargc",&av,0);
}

$ ./printargc
1
$ ./execargc
0

This doesn't leave you much of anywhere though, because you can't fillthat buffer...

By Date By Thread

Current thread:

argc issue padre (May 25)
- RE: argc issue Chris Eagle (May 26)
- Re: argc issue 3APA3A (May 26)
- Re: argc issue Valdis . Kletnieks (May 26)
- Re: argc issue mike davis (May 26)
- Re: argc issue jlongs2 (May 29)