logo       
Google Custom Search
    AddThis Social Bookmark Button
<prev   next>
-->

Re: strlen(NULL) exploitable?: msg#00007

Subject: Re: strlen(NULL) exploitable? 
On 5/16/05, Uwe Hermann <uwe@xxxxxxxxxxxxxx> wrote:
> Hi all,
>
> I have found a possible security issue in a setuid root program today.
> Using some well-crafted commandline parameters I can force the application
> to segfault. I analyzed this a bit further and found out that the segfault
> is triggered by a strlen(x) call where x is NULL.

I'd  consider it a security vulnerability on the basis that according
to the C standard the behaviour of strlen(NULL) is undefined so
literally anything could happen (for example allowing the user to gain
read access to secret infromation in memory),

Imran
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Are browser DOS bugs are still security bugs?, Steve Kemp
Previous by Thread:  Re: strlen(NULL) exploitable?, Uwe Hermann
Next by Thread:  Are browser DOS bugs are still security bugs?, Steve Kemp
Indexes:  [Date] [Thread] [Top] [All Lists]

    ^^^ ADDITIONAL NAVIGATION ^^^

  
Google Custom Search

Recently Viewed:
mail.spam.rbl.s...    php.seagull.gen...    culture.religio...    qnx.openqnx.dev...    gnome.love/2006...    bug-tracking.re...    user-groups.lin...    yellowdog.gener...    handhelds.ipaq....    kde.announce/20...    java.mx4j.devel...    xfree86.expert/...    recreation.cars...    text.xml.expat....    web.zope.zope3/...    version-control...    db.carob.cvs/20...    freebsd.perform...    ecos.cvs/2003-0...    linux.hotplug.d...    systemtap/2006-...    os.freebsd.secu...   
Home | blog view | USPTO Patent Archive (NEW!) | advertise | OSDir is an inevitable website. super tiny logo