Secure Programming

With the FireWalls & a mammoth lock on gate, do you think the fort is secure? No. The walls are weak and the daemons standing on gates are gullible. We are here to learn breaking the walls and tricking the deamons, and to learn making them secure. It not about certification bullshit.It's just about CODE. Lets start the drill.
"If you know the enemy and know yourself, your victory will not stand in doubt; if you know Heaven and know Earth, you may make your victory complete" -Art of War

Tuesday, August 02, 2005

Simple Yet Common Again

int catvars(char *buf1, char *buf2, unsigned int len1,
unsigned int len2){
char mybuf[256];

if((len1 + len2) > 256){
return -1;
}

memcpy(mybuf, buf1, len1);
memcpy(mybuf + len1, buf2, len2);

do_some_stuff(mybuf);

return 0;
}

3 comments:

Sid Uppal said...: The second memcpy can be used to overflow "mybuf" if the value of "len1" is less than the actual length of string "buf1". The problem is basically because the code trusts the user to provide the correct value for "len1".

Let me know if I am missing something.; 4:35 AM
SG said...: Did you notice len1 + len2 > 256 ?; 4:46 AM
SG said...: It has two bugs..; 2:29 AM