Comments on: Buffer Overflows – More than Annoying Crashes

Your article was great and concise btw. I just posted the link to Smashing The Stack for anyone wanting to read on further.

-r

By: Joe Hegarty (/2011/06/06/buffer-overflows/#comment-5233), Tue, 07 Jun 2011 03:32:52 +0000

There's a classic Phrack article about this that goes into some greater depth regarding the generation of valid code to be executed (i.e. "Shell code").

http://insecure.org/stf/smashstack.html

It's eye-opening in regards to learning about how your code and memory fit together and how compilers actually generate binaries.

-r

Not only that, people have a habit of using strncpy(buffer, password, strlen(password)); as conceptually that's what you want to do. Microsoft's strncpy_s method has an explicit argument for the target length as well, so you can't just absently do that accidentally.

By: Adam (/2011/06/06/buffer-overflows/#comment-5177), Mon, 06 Jun 2011 11:00:01 +0000

Thanks, interesting read!

Why would strncpy be unsafe here?

By: Joe Hegarty (/2011/06/06/buffer-overflows/#comment-5169), Mon, 06 Jun 2011 05:50:44 +0000

) and ASLR (see

Extremely useful article, thanks. I had heard about how buffer overruns can create security holes but never knew how it was exploited.

How would you run arbitrary code with that type of exploit? You can only execute a function in the application’s virtual address space, which you don’t have write access to, correct?
