[BusyBox] patch to login, dmesg and obscure

Robert Griebl griebl at gmx.de
Mon Jul 28 17:01:40 UTC 2003


Ronny L Nilsson wrote:
>>Example:
>>old = "123" (4 bytes)
>>wrapped allocated = 3*2 + 1 = 7 bytes.
>>first initialised only 4 bytes = "123"
>>after strcat result is "123123" - 7 bytes.
>>Not overflow.
>
> This starts to be really fun soon...  :-)  The little prog below mimics
> password_check() behaviour and it sure crashes on my machine. How come?
> It shouldn't if you're right.
>
> /Ronny
>
>
> 	strcat(wrapped, wrapped);

Simple explanation:

start of strcat: wrapped = "0123456789\0"
after first iteration: wrapped = "01234567890"

No terminating '\0' byte anymore and since wrapped is also the cat'ed
string, characters are appended until a \0 is hit in the following memory
areas (if there _are_ any mapped areas beyond that string).

cu
Robert
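
Added example, not part of the original message or of the BusyBox source: a bounded model of the byte-by-byte self-append described in the reply above, next to a doubling routine that measures the length before copying. The names naive_self_cat and safe_self_cat are hypothetical, and the model assumes a strcat that copies one byte at a time; the C standard leaves strcat on overlapping objects undefined.

```c
#include <stdio.h>
#include <string.h>

/* Bounded model of a byte-by-byte strcat(buf, buf). A real call has no
 * bound and is undefined behaviour; this stops at cap so it is safe to run.
 * Returns bytes appended before a '\0' was copied, or -1 if none was found. */
static long naive_self_cat(char *buf, size_t cap)
{
    size_t dst = strlen(buf);      /* index of the original terminator */
    size_t src = 0;
    long appended = 0;

    while (dst < cap) {
        char c = buf[src++];       /* src < dst, so this byte is always valid */
        buf[dst++] = c;            /* the first store overwrites the '\0' */
        if (c == '\0')
            return appended;
        appended++;
    }
    return -1;                     /* source never ends: terminator is gone */
}

/* Doubling done safely: measure once, check capacity, copy exactly n bytes.
 * Returns 0 on success, -1 if 2*n + 1 bytes do not fit in cap. */
static int safe_self_cat(char *buf, size_t cap)
{
    size_t n = strlen(buf);

    if (cap == 0 || n > (cap - 1) / 2)
        return -1;
    memcpy(buf + n, buf, n);       /* [0,n) and [n,2n) do not overlap */
    buf[2 * n] = '\0';
    return 0;
}

int main(void)
{
    char a[64] = "0123456789";     /* constructed sample, as in the reply */
    char b[7] = "123";             /* 3*2 + 1 bytes, as in the quoted sizing */

    printf("naive: %ld\n", naive_self_cat(a, sizeof a));
    printf("safe:  %d -> \"%s\"\n", safe_self_cat(b, sizeof b), b);
    return 0;
}
```

The model returns -1 for any non-empty string, however large the buffer, which is why a correctly sized allocation does not prevent the crash.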