Re: Integer & Heap overflows?

[jnf <lists () nosec net>]

just a few remarks inline.

> The book "Hacking: Art of Exploitation" (ISBN: 1593270070) goes into heap
> overflows, including an example of how to create a root account using a simple
> one.  He also describes shellcode, stack overflows, and format string
> vulnerabilities, among many other things.  Definately a very good read, highly
> recommended.

This book and the shellcoders handbook are both decent, and both have many
errors in the text, and indeed the art of exploitation misses quite a bit
about heap overflows.


> If you want a quick definition of Heap overflows, all it means is that you
> read or write past the end of allocated memory into another piece of allocated
> memory, belonging to a different variable.  That's all it is.

so would:

char buf[ 256 ] ;
char buf2[ 256 ] ;

int main( int argc , char **argv ) {
[ ... ]

be a heap overflow assuming you could overwrite one array into the other?
No. the heap is a specific part of memory, like that stack is a 'special'
part of memory.

jnf




> Loptr Chaote wrote:
>
> > Hello!
> >
> > I was wondering if anyone have good papers/websites lying around
> > describing how Integer overflows and Heap overflows (and also the
> > "off-by-one"[?] bug, if that is not the same as integer overflow).
> >
> > I have found several good ones on stack smashing/regular buffer
> > overflows, but very little on the above mentioned.
> >
> > Best regards
> > Loptr Chaote