Hi all,
I have a C\C++ code that receives a structure over the network, from this form:
struct DataStruct
{
int DataLen;
BYTE* Data;
}
The code I have runs over Data
in a loop of DataLen
times and processes the data.
...The problem:
After the code came to security experts for penetration tests, they prepared a fake application which sends this struct with DataLen
bigger than the real length of Data
. This causes, of course, an access violation exception.
So, the question is - how can I validate the real length of the received Data
? Is it possible without changing the structure?
Thanks in advance.