How To Identify Heap Overflow Vulnerabilities

From Guidance Share

There are many real-world Examples of buffer overflows, including many popular “industrial” applications, such as E-mail servers (Sendmail) and web servers (Microsoft IIS Server). In code, here is a simple example:

#define BUFSIZE 256
int main(int argc, char **argv) {
char *buf;
buf = (char *)malloc(BUFSIZE);
strcpy(buf, argv[1]);
}

Since argv[1] can be of any length, more than 256 characters can be copied into the variable buf.

Retrieved from "http://www.guidanceshare.com/wiki/How_To_Identify_Heap_Overflow_Vulnerabilities"

Category: How To

Views

Article
Discussion
Edit
History

Personal tools

Search

Toolbox

What links here
Related changes
Upload file
Special pages
Printable version
Permanent link