Evan Martin (evan) wrote in evan_tech,
Evan Martin
evan
evan_tech

(feh, messed this up once.
and somehow i don't actually own this community? so i made it friends-only and now i can't get the post back?)

Spot the security hole (from conjecture):
struct header {
    int cmd, id, len;
};

[...]

struct header hdr;
char buf[1024], ubuf[1024];
if(read(sock, &hdr, sizeof(hdr)) != sizeof(hdr))
    exit(-1);
if(hdr.len < sizeof(hdr) || hdr.len > 1024)
    exit(-1);
read(sock, buf, hdr.len);
buf[1023] = 0;
snprintf(ubuf, sizeof(ubuf), "command was %s", buf);
Subscribe

  • blog moved

    As described elsewhere, I've quit LiveJournal. If you're interested in my continuing posts, you should look at one of these (each contains feed…

  • dremel

    They published a paper on Dremel, my favorite previously-unpublished tool from the Google toolchest. Greg Linden discusses it: "[...] it is capable…

  • treemaps

    I finally wrote up my recent adventures in treemapping, complete with nifty clickable visualizations.

  • Post a new comment

    Error

    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 17 comments

  • blog moved

    As described elsewhere, I've quit LiveJournal. If you're interested in my continuing posts, you should look at one of these (each contains feed…

  • dremel

    They published a paper on Dremel, my favorite previously-unpublished tool from the Google toolchest. Greg Linden discusses it: "[...] it is capable…

  • treemaps

    I finally wrote up my recent adventures in treemapping, complete with nifty clickable visualizations.