Saran
Ok, every so often I run across an article in a forum somewhere that
given a "buffer overflow" a hacker can execute code on the system.
This just seems like a load of bunk to me. I've been programming in
various languages, including, though not limited to, c and cpp, and I
have never once encountered a situation where writing past the bounds
of a buffer, which is just an array of characters, to suddenly be
converted into some sort of "magical code" that can suddenly wreak
havoc.
In any programming I've done where you can write outside of the bounds
of the buffer (char array), you get UNDEFINED behavior, not some magical
power. Even the C and C++ specs state this.
Can someone please explain to me where this comes from. One example I
just read was an IE6 exploit where using a url that's too long and
contains "unusual" characters can allow a "hacker to run code on the
system." Again, these look like total bunk to me, as a URL is just text,
and writing past the bound of the buffer just isn't going to give some
REMOTE hacker the ability to suddenly jump into your system, or some put
code in there.
Can anyone please clear this up? If I'm missing something here please
let me know.