Author Topic: C code errors (Read 458 times)

Kiuhnm · « **on:** October 17, 2014, 05:16:43 pm »

I'm watching
http://www.youtube.com/watch?feature=player_detailpage&v=lbjS2mXyMEQ#t=2148

Consider the following code:

#include <string.h>
#include <stdlib.h>

int main(void) {
  char s1[] = "012345678";
  char dest;
  
  dest = *(char *)malloc(strlen(s1));
}

The author of the video says that the code is vulnerable and an attacker can exploit it.
I don't see how, honestly. I think the author is wrong.
Do you agree?

s3my0n · « **Reply #1 on:** October 17, 2014, 05:45:33 pm »

Not vulnerable since there is no user input.

Deque · « **Reply #2 on:** October 18, 2014, 10:38:03 am »

I don't think you can exploit it in this state. But the code has some serious mistakes, and if it is used productively, it could lead to vulnerable code.

malloc(strlen(s1)) --> forgot to allocate space for the string terminator
return statement is missing (violates the standard)
char dest seems to have the wrong type

kenjoe41 · « **Reply #3 on:** October 18, 2014, 05:32:30 pm »

Quote from: Deque on October 18, 2014, 10:38:03 am

I don't think you can exploit it in this state. But the code has some serious mistakes, and if it is used productively, it could lead to vulnerable code.
malloc(strlen(s1)) --> forgot to allocate space for the string terminator
return statement is missing (violates the standard)
char dest seems to have the wrong type

Ssssh!! Deque is giving C/C++ advice. Cellotape your damn mouth faggot. This only happens once in 40 centuries. The ancestors will flog you for this.

EvilZone

News:

Author Topic: C code errors (Read 458 times)

Kiuhnm

C code errors

s3my0n

Re: C code errors

Deque

Re: C code errors

kenjoe41

Re: C code errors