EvilZone

: C code errors
: Kiuhnm October 17, 2014, 05:16:43 PM
I'm watching
http://www.youtube.com/watch?feature=player_detailpage&v=lbjS2mXyMEQ#t=2148

Consider the following code:

:
#include <string.h>
#include <stdlib.h>

int main(void) {
  char s1[] = "012345678";
  char dest;
 
  dest = *(char *)malloc(strlen(s1));
}

The author of the video says that the code is vulnerable and an attacker can exploit it.
I don't see how, honestly. I think the author is wrong.
Do you agree?
: Re: C code errors
: s3my0n October 17, 2014, 05:45:33 PM
Not vulnerable since there is no user input.
: Re: C code errors
: Deque October 18, 2014, 10:38:03 AM
I don't think you can exploit it in this state. But the code has some serious mistakes, and if it is used productively, it could lead to vulnerable code.
: Re: C code errors
: kenjoe41 October 18, 2014, 05:32:30 PM
I don't think you can exploit it in this state. But the code has some serious mistakes, and if it is used productively, it could lead to vulnerable code.
  • malloc(strlen(s1)) --> forgot to allocate space for the string terminator
  • return statement is missing (violates the standard)
  • char dest seems to have the wrong type

Ssssh!! Deque is giving C/C++ advice. Cellotape your damn mouth faggot. This only happens once in 40 centuries. The ancestors will flog you for this.
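For reference, a version of the snippet with the mistakes listed in the thread addressed, as an added example that is not part of any post above. It also checks the result of malloc and frees the buffer, which the thread does not mention; the helper names bytes_needed and copy_string are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes needed to store s as a C string: its characters plus the '\0'. */
size_t bytes_needed(const char *s) {
  return strlen(s) + 1;
}

/* Heap copy of src, or NULL if allocation fails. The caller frees it. */
char *copy_string(const char *src) {
  size_t n = bytes_needed(src);
  char *dest = malloc(n);       /* char *, not char: keep the pointer */
  if (dest == NULL)
    return NULL;                /* never dereference a failed malloc */
  memcpy(dest, src, n);         /* n includes the terminator */
  return dest;
}

int main(void) {
  char s1[] = "012345678";
  char *dest = copy_string(s1);
  if (dest == NULL) {
    fputs("allocation failed\n", stderr);
    return EXIT_FAILURE;
  }
  printf("%s (%zu bytes allocated)\n", dest, bytes_needed(s1));
  free(dest);                   /* the original snippet lost the pointer */
  return EXIT_SUCCESS;
}
```

In the original line, `*(char *)malloc(strlen(s1))` reads a single uninitialized byte from the new block and discards the pointer, so the allocation can never be freed.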