Talkback for article: 190, May2001
Security holes
From: Frank
[ date: 2001-05-16 ]
Great article! But I think there is a mistake in your description
of the strncat function. Let me quote:
> Replacing strcat(buffer1, buffer2);
> with strncat(buffer1, buffer2, sizeof(buffer1)-1);
> eliminates the risk.
However, my system's man page for strncat(3) says:
> The strncat() function is similar [to strcat], except that only the
> first n characters of src [=buffer2] are appended to dest [=buffer1].
That means that the correct strncat call would be:
strncat(buffer1, buffer2, sizeof(buffer1)-1-strnlen(buffer1, sizeof(buffer1)-1));
Doing it this way should assure that buffer1 doesn't overflow,
but I haven't tested it.
From: Fred Raynal <pappy(at)users.sourceforge.net>
[ date: 2001-05-29 ]
Frank, I guess you just prove that cut/paste is a bad way to write an article ;-/
Of course, you are right and we made a mistake, Thanks for fixing it :)
The authors (ashamed)
From: G Salmon <fisher143(at)hotmail.com>
[ date: 2003-04-25 ]
Are there any exploits out there that can successfully conduct buffer overflows against the Heap?
3 talkbacks
in English
Other talkbacks: Castellano
Due to the increased amount of web spam we have deciced to
removed the talkback posting possibility. You can read old talkbacks
but you can no longer post new ones.
Please contact webmaster(at)linuxfocus.org if you have any questions with regards to this talkback
lftalkback version 3.10