EvilZone

Hacking and Security => Hacking and Security => Topic started by: Kiuhnm on October 17, 2014, 05:16:43 PM

Title: C code errors
Post by: Kiuhnm on October 17, 2014, 05:16:43 PM
I'm watching
http://www.youtube.com/watch?feature=player_detailpage&v=lbjS2mXyMEQ#t=2148

Consider the following code:

Code:
#include <string.h>
#include <stdlib.h>

int main(void) {
  char s1[] = "012345678";
  char dest;
 
  dest = *(char *)malloc(strlen(s1));
}

The author of the video says that the code is vulnerable and an attacker can exploit it.
I don't see how, honestly. I think the author is wrong.
Do you agree?
Title: Re: C code errors
Post by: s3my0n on October 17, 2014, 05:45:33 PM
Not vulnerable since there is no user input.
Title: Re: C code errors
Post by: Deque on October 18, 2014, 10:38:03 AM
I don't think you can exploit it in this state. But the code has some serious mistakes, and if it is used productively, it could lead to vulnerable code.
Title: Re: C code errors
Post by: kenjoe41 on October 18, 2014, 05:32:30 PM
I don't think you can exploit it in this state. But the code has some serious mistakes, and if it is used productively, it could lead to vulnerable code.
  • malloc(strlen(s1)) --> forgot to allocate space for the string terminator
  • return statement is missing (violates the standard)
  • char dest seems to have the wrong type

Ssssh!! Deque is giving C/C++ advice. Cellotape your damn mouth faggot. This only happens once in 40 centuries. The ancestors will flog you for this.
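
Added example, not part of the thread and not from the video: the snippet from the first post rewritten so that each of the three points in Deque's list is addressed, with the allocation checked and released as well. The helper names `copy_string` and `bytes_needed` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the thread): heap copy of a C string.
 * Returns NULL on allocation failure; the caller frees the result. */
char *copy_string(const char *src)
{
    size_t len = strlen(src);       /* characters only, terminator NOT counted */
    char *dest = malloc(len + 1);   /* +1 leaves room for the '\0' terminator */

    if (dest == NULL)               /* malloc can fail: never use it unchecked */
        return NULL;

    memcpy(dest, src, len + 1);     /* copies the terminator as well */
    return dest;
}

/* Bytes a copy of s occupies, to contrast with strlen(s). */
size_t bytes_needed(const char *s)
{
    return strlen(s) + 1;
}

int main(void)
{
    char s1[] = "012345678";
    char *dest = copy_string(s1);   /* a pointer, not a single char */

    if (dest == NULL)
        return EXIT_FAILURE;

    printf("strlen=%zu, bytes needed=%zu, copy=%s\n",
           strlen(s1), bytes_needed(s1), dest);

    free(dest);                     /* the original snippet discarded the pointer */
    return EXIT_SUCCESS;            /* explicit return value */
}
```

In the original snippet the result of `malloc` is dereferenced immediately, so `dest` receives one uninitialized byte and the pointer to the 9-byte block is lost.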