buffer-overflow

Is there any way to bypass SSP (Stack-Smashing Protection)/ProPolice?

After some research I haven't found any paper describing a method to do this (not even an unreliable one). It seems that SSP (Stack-Smashing Protection)/ProPolice ...

BufferOverflowException when generating Javadoc?

Hi, has anybody ever had problems with the javadoc tool causing a java.nio.BufferOverflowException? I'm trying to generate Javadoc for code with Japanese comments (charset MS932). I think that might be related. Does anybody know of a workaround for this problem? Here's the stacktrace: java.nio.BufferOverflowException at java.nio.Buff...

Preventing buffer overflow in C/C++

Many times I have problems with buffer overflows. int y[10][10][10]; ... y[0][15][3] = 8; How can I prevent this problem? Is there any good tool that can help me? ...

What is the difference between a stack overflow and a buffer overflow?

What is the difference between a stack overflow and a buffer overflow in programming? ...

Why on earth would anyone use strncpy instead of strcpy?

Edit: I've added the source for the example. I came across this example: char source[MAX] = "123456789"; char source1[MAX] = "123456789"; char destination[MAX] = "abcdefg"; char destination1[MAX] = "abcdefg"; char *return_string; int index = 5; /* This is how strcpy works */ printf("destination is originally = '%s'\n", destination); r...

Are snprintf and friends safe to use?

There was a question recently on SO (Why on earth would anyone use strncpy instead of strcpy?), which had answers (answer 1, answer 2) that made me uncertain about other string functions with 'n' in their name, like snprintf (which I have been using extensively). Is snprintf safe to use? And generally, what are the safe functions from ...
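The two questions above (strncpy vs. strcpy, and whether snprintf is safe) come down to one behavioural difference, shown here in an added example that is not code from either post. It assumes an arbitrary 8-byte destination: strncpy writes no terminator once the source is as long as the destination (and pads with NULs otherwise), so the result has to be terminated by hand; snprintf always terminates when the size is non-zero and returns the length the full output would have needed, so truncation can be detected from the return value.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from any post on this page.  DST_SIZE is an arbitrary
 * assumption used for every helper below. */
#define DST_SIZE 8

/* strncpy(dst, src, n) writes at most n bytes and appends NO terminator when
 * strlen(src) >= n.  The buffer is poisoned with 'X' first so a missing NUL is
 * visible.  Returns 1 if dst ended up NUL-terminated, 0 if it did not. */
static int strncpy_leaves_terminator(const char *src)
{
    char dst[DST_SIZE];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, sizeof dst);              /* pads with NULs if src is shorter */
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* The idiom that makes strncpy usable: reserve one byte and terminate by hand.
 * Returns the length of the resulting string (shorter than strlen(src) means
 * the copy was silently truncated). */
static size_t strncpy_forced_terminator(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return 0;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(dst);
}

/* snprintf always NUL-terminates when dst_size > 0 and returns the length the
 * complete output would have had, so the caller can tell whether it fit.
 * Returns 1 if src was copied completely, 0 if truncated, -1 on encoding error. */
static int copy_with_snprintf(char *dst, size_t dst_size, const char *src)
{
    int needed = snprintf(dst, dst_size, "%s", src);
    if (needed < 0)
        return -1;
    return (size_t)needed < dst_size;
}

/* Check helpers operating on an 8-byte buffer. */
static int forced_copy_len(const char *src)
{
    char dst[DST_SIZE];
    return (int)strncpy_forced_terminator(dst, sizeof dst, src);
}

static int snprintf_copy_complete(const char *src)
{
    char dst[DST_SIZE];
    return copy_with_snprintf(dst, sizeof dst, src) == 1 && strcmp(dst, src) == 0;
}

int main(void)
{
    printf("strncpy leaves NUL for \"short\":    %d\n", strncpy_leaves_terminator("short"));
    printf("strncpy leaves NUL for \"exactly8\": %d\n", strncpy_leaves_terminator("exactly8"));
    printf("forced-terminator length of \"exactly8\": %d\n", forced_copy_len("exactly8"));
    printf("snprintf copied \"exactly8\" completely: %d\n", snprintf_copy_complete("exactly8"));
    return 0;
}
```

The practical rule this illustrates: neither function is "safe" by itself. strncpy needs the manual terminator and does not report truncation; snprintf guarantees the terminator and reports truncation, but only if the caller actually checks the return value against the buffer size.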

Can you give an example of a buffer overflow?

I've heard so much about buffer overflows and believe I understand the problem but I still don't see an example of say char buffer[16]; //code that will over write that buffer and launch notepad.exe ...

Setting up Environment for Buffer Overflow Learning

I am currently reading several security books (my passion) regarding secure programming; however, either the distros they provide on disc are faulty or non-existent. Books: Hacking: The Art of Exploitation 2nd Ed., Grey Hat Hacking 2nd Ed. The issue is that when I try to follow the examples, obviously newer distros have stack protection and othe...

strcpy when dest buffer is smaller than src buffer

I am trying to understand the difference/disadvantages of strcpy and strncpy. Can somebody please help: void main() { char src[] = "this is a long string"; char dest[5]; strcpy(dest,src) ; printf("%s \n", dest); printf("%s \n", src); } The output is: this is a long string a long string QUESTION: I don't understand how the sou...

Buffer overflow - Windows vs Unix

I'm trying to figure out the security concerns between buffer overflows in Windows vs Unix. As I understand it, the buffer overflow Windows hack cannot be implemented in Unix because each process is given its own memory space. Does this mean that processes in Windows share memory space? ...

How to disable buffer overflow checking in the Visual C++ Runtime?

I, and a few thousand other people, are getting an error being thrown by the Microsoft Visual C++ Runtime, which, for the benefit of search engines, says: Microsoft Visual C++ Runtime Library Buffer overrun detected! Program: %s A buffer overrun has been detected which has corrupted the program's internal state. The program cannot ...

Memory overwrite problem.

Hello, I have one C code app which I was building using MS-VS2005. I had one output data buffer which was being allocated dynamically using malloc. For some test cases, the memory size which was being malloc'd was falling short of the actual output size in bytes which was generated. That larger sized output was written into the ...

Overflow over scanf("%8s", string)?

Hi, I know it's possible to overflow ordinary code: char string[9]; scanf("%s", string). But is it possible to overflow scanf("%8s", string)? 8 is just an example. I know "%8s" works like a delimiter, but I also notice that when I input a string longer than 8 chars, the program will terminate due to: *** stack smashing detected ***: ./a.out ter...
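The sizing rule behind the question above, as an added example that is not the asker's code: "%8s" stores at most 8 characters and then writes a terminating '\0', so the destination needs 9 bytes. With char string[8] the terminator lands one byte past the array, which is exactly the one-byte overwrite the stack protector reports. The example assumes a field width of 8 and uses sscanf on an embedded, constructed input so it runs offline; the format string is generated from the same constant as the buffer size so the two cannot drift apart.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the post above.  FIELD_WIDTH is an assumption. */
#define FIELD_WIDTH 8

/* Reads one whitespace-delimited token of at most FIELD_WIDTH characters from
 * input into out, which must hold FIELD_WIDTH + 1 bytes (the width plus the
 * terminator scanf always appends).  Returns the number of characters stored,
 * or -1 if no token was found.  If rest is non-NULL it receives a pointer to
 * the first input character that was not consumed, so a caller can keep
 * reading (a token longer than the width is simply split, never overflowed). */
static int read_token(const char *input, char out[FIELD_WIDTH + 1], const char **rest)
{
    char fmt[16];
    int consumed = 0;

    snprintf(fmt, sizeof fmt, "%%%ds%%n", FIELD_WIDTH);   /* builds "%8s%n" */
    out[0] = '\0';
    if (sscanf(input, fmt, out, &consumed) != 1)           /* %n is not counted */
        return -1;
    if (rest)
        *rest = input + consumed;
    return (int)strlen(out);
}

/* Check helpers. */
static int token_len(const char *input)
{
    char out[FIELD_WIDTH + 1];
    return read_token(input, out, NULL);
}

static int rest_offset(const char *input)
{
    char out[FIELD_WIDTH + 1];
    const char *rest = input;
    if (read_token(input, out, &rest) < 0)
        return -1;
    return (int)(rest - input);
}

/* Consumes all of input in fixed-width fields; returns how many were read. */
static int count_tokens(const char *input)
{
    char out[FIELD_WIDTH + 1];
    const char *rest = input;
    int n = 0;
    while (read_token(rest, out, &rest) >= 0)
        n++;
    return n;
}

int main(void)
{
    char out[FIELD_WIDTH + 1];                   /* 9 bytes, not 8 */
    const char *rest = "";
    /* Constructed input: first token is longer than the field width. */
    int n = read_token("abcdefghijkl tail", out, &rest);
    printf("stored %d chars: \"%s\", unconsumed: \"%s\"\n", n, out, rest);
    printf("fields needed for the whole line: %d\n", count_tokens("abcdefghijkl tail"));
    return 0;
}
```

The same rule applies to scanf on stdin and to any other width-limited %s or %[ conversion: the width bounds the characters, not the terminator, so the buffer is always width + 1.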

Does this form of using the printf API make it safer?

char str[] = "some text"; printf ( "%.*s", strlen(str), str ); ** Of course, their buffers, strings yet to be properly targeted ...

Why would buffer overruns cause segmentation faults when accessing an integer?

During a call to function B() from function A(), B() allocates a 100-char array and fills it several times, including once with a 101-character string and once with a 110 character string. This is an obvious mistake. Later, function A() tries to access completely unrelated int variable i, and a segmentation fault occurs. I understand ...

Buffer Overflow Memory Map interpretation.

Hi, I'm tackling a trivial buffer overflow (yes, exploitation; but unrelated to the problem). I'm trying to figure out the fields in the memory map when GCC's stack protector is enabled. As an illustration: $ ./overflow *** stack smashing detected ***: ./overflow terminated ======= Backtrace: ========= /lib/tls/i686/cmov/libc.so.6(__for...

sprintf(buf, "%.20g", x) // how large should buf be?

I am converting double values to string like this: std::string conv(double x) { char buf[30]; sprintf(buf, "%.20g", x); return buf; } I have hardcoded the buffer size to 30, but am not sure if this is large enough for all cases. How can I find out the maximum buffer size I need? Does the precision get higher (and theref...
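Rather than guessing that 30 bytes is enough for "%.20g", the size can be measured: snprintf with a NULL buffer and size 0 returns the length the output would have had, and a real write with a bounded size returns the same value, so truncation is checkable. The following is an added example, not the asker's conv(); it probes the extreme doubles (largest magnitude, smallest normal and subnormal, and values that print in positional form) to find the worst case, and wraps the conversion so a too-small buffer is reported instead of overrun.

```c
#include <stdio.h>
#include <string.h>
#include <float.h>

/* Added example, not from the post above. */

/* Bytes needed (including the terminating NUL) to format x with fmt,
 * or 0 if the conversion fails.  C99: snprintf(NULL, 0, ...) only measures. */
static size_t bytes_needed(const char *fmt, double x)
{
    int n = snprintf(NULL, 0, fmt, x);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Formats x with "%.20g" into buf[size].  buf is always NUL-terminated when
 * size > 0.  Returns 1 if the whole value fit, 0 if it was truncated. */
static int conv_checked(double x, char *buf, size_t size)
{
    int n = snprintf(buf, size, "%.20g", x);
    return n >= 0 && (size_t)n < size;
}

/* Largest buffer any probe value needs.  With 20 significant digits the
 * exponent form "-d.ddddddddddddddddddde+308" is the longest: 27 characters
 * plus the NUL. */
static size_t worst_case_bytes(void)
{
    const double probes[] = {
        DBL_MAX, -DBL_MAX,          /* largest magnitude, %e-style output   */
        DBL_MIN, -DBL_MIN,          /* smallest normal                       */
        5e-324, -5e-324,            /* smallest subnormal                    */
        -1.0 / 3.0, -0.0001, -1e19  /* positional (%f-style) output          */
    };
    size_t worst = 0;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        size_t n = bytes_needed("%.20g", probes[i]);
        if (n > worst)
            worst = n;
    }
    return worst;
}

/* Check helper: can x be converted into a buffer of the given size? */
static int fits_in(double x, size_t size)
{
    char buf[64];
    if (size > sizeof buf)
        size = sizeof buf;
    return conv_checked(x, buf, size);
}

int main(void)
{
    char buf[30];
    printf("worst case over probes: %zu bytes\n", worst_case_bytes());
    printf("-DBL_MAX needs %zu bytes\n", bytes_needed("%.20g", -DBL_MAX));
    printf("fits in 30: %d, fits in 27: %d\n",
           conv_checked(-DBL_MAX, buf, sizeof buf), fits_in(-DBL_MAX, 27));
    return 0;
}
```

So 30 is enough for "%.20g" on IEEE-754 doubles (28 is the true maximum), but the robust pattern is the checked write: size the buffer from bytes_needed() or verify conv_checked()'s result, rather than relying on the precision never changing.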

Writing Secure C and Secure C Idioms.

"The average man does not want to be free. He simply wants to be safe." - H. L. Mencken I am attempting to write very secure C. Below I list some of the techniques I use and ask whether they are as secure as I think they are. By all means, please don't hesitate to tear my code/preconceptions to shreds. Any answer that finds even the most t...

Why is this code causing a runtime error?

#include <stdio.h> #include <stdlib.h> #include <string.h> int main() { char *a = "Hello "; const char *b = "World"; printf("%s", strcat(a, b)); system("PAUSE"); return EXIT_SUCCESS; } ...

How to conduct buffer overflow in PHP/Python?

Here is an example in c: #include <stdio.h> #include <string.h> void bad() { printf("Oh shit really bad~!\r\n"); } void foo() { char overme[4] = "WOW"; *(int*)(overme+8) = (int)bad; } int main() { foo(); } ...