As other posters have noted, it invokes UB. However, the world does not stop simply because someone did not define what exactly should happen next. And what physically happens next may well be a major security hole. It makes a lot of sense to consider what happens in your and, more importantly, similar, cases.

(1) Your stack typically "grows" backwards, i.e. the smaller the addresses, the more the stack is filled.

comes from uncontrolled sources, you are very close to generating a buffer overflow vulnerability.

These kinds of errors are very easy to make. The problem lies in native C functions, which don't care about doing appropriate buffer length checks. List of such functions and, if they exist, their safe equivalents:

- strcpy() -> strncpy() - copy content of the buffer.
- strcat() -> strncat() - buffer concatenation.
- sprintf() -> snprintf() - fill buffer with data of different types.
- realpath() - return absolute (full) path.

Use safe equivalent functions, which check the buffer's length, whenever

Those functions which don't have safe equivalents should be rewritten

Time spent on that will benefit in the future. Remember that you have to do it only once.

Use compilers, which are able to identify unsafe functions, logic errors and check if the memory is overwritten when and where it shouldn't be.
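The replacements in the list above still need care at the call site: strncpy() leaves the buffer unterminated when the source fills it, strncat() takes the remaining space rather than the buffer size, and snprintf() reports truncation only through its return value. The following is an added example, not code from the original page; the wrapper names `bounded_copy`, `bounded_append` and `bounded_format` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* strcpy -> strncpy: strncpy() writes no NUL when src fills the buffer,
 * so terminate explicitly. Returns 0 if src fit, -1 if it was truncated. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0) return -1;
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) < dstsz ? 0 : -1;
}

/* strcat -> strncat: the length argument is the space still free in dst
 * (minus the NUL), not the total buffer size. */
int bounded_append(char *dst, size_t dstsz, const char *src)
{
    const char *end = memchr(dst, '\0', dstsz);
    if (!end) return -1;                 /* dst is not a terminated string */
    size_t room = dstsz - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) <= room ? 0 : -1;
}

/* sprintf -> snprintf: the return value is the length the full output
 * would have had, so n >= dstsz means the result was cut short. */
int bounded_format(char *dst, size_t dstsz, const char *user, int id)
{
    int n = snprintf(dst, dstsz, "user=%s id=%d", user, id);
    return (n >= 0 && (size_t)n < dstsz) ? 0 : -1;
}

int main(void)
{
    char buf[8];                         /* constructed sample inputs below */
    int rc = bounded_copy(buf, sizeof buf, "0123456789");
    printf("copy   rc=%d buf=\"%s\"\n", rc, buf);
    rc = bounded_format(buf, sizeof buf, "al", 1);
    printf("format rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

A return of -1 means the data did not fit; the caller should treat that as an error instead of continuing with the truncated string.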