O'Reilly logo

Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Buffer Restrictions

Sometimes a program will place certain restrictions on buffers. This type of data sanity-checking can prevent many vulnerabilities. Consider the following example program, which is used to update product descriptions in a fictitious database. The first argument is the product code, and the second is the updated description. This program doesn't actually update a database, but it does have an obvious vulnerability in it.

Buffer Restrictions

update_info.c

#include <stdio.h> #include <stdlib.h> #include <string.h> #define MAX_ID_LEN 40 #define MAX_DESC_LEN 500 /* Barf a message and exit. */ void barf(char *message, void *extra) { printf(message, extra); exit(1); } /* Pretend this function updates a product description in a database. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required