Re: patch to login, dmesg and obscure

Ronny L Nilsson wrote:
> > Example:
> > old = "123" (4 bytes)
> > wrapped allocated = 3*2 + 1 = 7 bytes.
> > first initialisez only 4 bytes = "123"
> > after strcat resut is "123123" - 7 bytes.
> > Not overflow.
>
>
>
>
> This start to be realy fun soon...  :-)  The litte prog below mimics
> password_check() behaviour and it sure craches on my machine. Howcome?
> It shouldn't if you're right.
>
> /Ronny
>
>
>         strcat(wrapped, wrapped);

Simple explanation:

start of strcat: wrapped = "0123456789\0"
after first iteration: wrapped = "01234567890"

No terminating '\0' byte anymore and since wrapped is also the cat'ed
string, characters are append until a \0 is hit in the following memory
areas (if there _are_ any mapped areas beyond that string)

cu
Robert