SV: Avoiding Buffer Overflows

I'm not a Linux C guru but I don't think that will help. You are still
copying over memory.
If I'm not wrong, exit(1) means "exit with failure", your program will
signal to the OS that your program failed in execution.
The only thing that would help you is to...

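#include <stdio.h>
#include <stdlib.h>   /* exit */
#include <string.h>   /* strncpy */

int main(int argc, char **argv)
{
         char buf[100+1]; // + NULL

         if (argc < 2)   // no argument given: argv[1] is NULL
                  exit(1);
         strncpy(buf, argv[1], 100); // destination first, then source
         buf[100] = '\0';            // strncpy does not terminate a full-length copy
         exit(1);
}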

/ Kenny
-----Original Message-----
From: listadmin@linuxsecurity.com
[mailto:listadmin@linuxsecurity.com]On Behalf Of Trano
Sent: 8 January 2002 23:29
To: Dave Wreski
Subject: Re: Avoiding Buffer Overflows


Hi there.

That's now a bit off topic from the original question/discussion, but
also related to buffer overflows and avoiding them.

Someone told me a program like this:
[--snip--]

#include <stdio.h>
#include <stdlib.h>   /* exit */
#include <string.h>   /* strcpy */

int
main(int argc, char **argv)
{
         char buf[100];
         strcpy(buf, argv[1]);
         exit(1);
}

[--snip--]

would not be exploitable because of the "exit(1)".
I'm not familiar with C yet so I don't know if he's right or not. I
looked for some text which handles this topic but I couldn't find
one. Even Smashing the stack for fun and profit doesn't mention this
aspect so now I'm confused.
Maybe someone here can tell me what's right :-)

thx a lot
    Tom

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
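
The bounded copy discussed in this thread, written as an added example (not code from either poster). It rejects an over-long or missing argument instead of truncating it, and always leaves the buffer NUL-terminated; the names `copy_arg` and `BUF_SIZE` are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 101  /* assumed name: 100 characters + terminating NUL */

/* Hypothetical helper: copy src into dst, which holds dstsz bytes.
 * Returns 0 on success, -1 if src is NULL or does not fit.
 * dst is left NUL-terminated whenever dstsz > 0. */
int copy_arg(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    size_t len;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)                 /* e.g. argv[1] when no argument is given */
        return -1;

    end = memchr(src, '\0', dstsz);  /* look at no more than dstsz bytes */
    if (end == NULL)                 /* no terminator in range: will not fit */
        return -1;

    len = (size_t)(end - src);
    memcpy(dst, src, len);           /* len < dstsz is guaranteed here */
    dst[len] = '\0';
    return 0;
}

int main(int argc, char **argv)
{
    char buf[BUF_SIZE];

    /* The length check happens before any byte is written to buf. */
    if (copy_arg(buf, sizeof buf, argc > 1 ? argv[1] : NULL) != 0) {
        fprintf(stderr, "usage: %s <string of at most %d characters>\n",
                argc > 0 ? argv[0] : "prog", BUF_SIZE - 1);
        return EXIT_FAILURE;
    }
    printf("copied %zu bytes\n", strlen(buf));
    return EXIT_SUCCESS;
}
```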
