Vuln Dev
vulnerabilities in this code chunk Jun 21 2007 10:41PM
erk_3 hotmail com
Heylo,

I am trying to find all the vulns in this code chunk, and the only thing I can come up with is a null pointer dereference. Assume data and data_len are user controlled.

Null pointer happens when passing in a negative number. I was looking hard at the memset functions but I couldn't come up with anything.

Anyone else see anything here?

Thanks!

char *copy_data(char *data, unsigned int data_len)
{
    unsigned int header_size = 8;
    char *buf;

    if (!(buf = malloc(data_len + header_size)))
    {
        return NULL;
    }

    memcpy(buf, "HEADER: ", 8);
    memcpy(buf + 8, data, data_len);

    return buf;
}

[ reply ]
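Added example, not part of the original post: in the posted function `data_len + header_size` is computed in `unsigned int`, so a `data_len` within 8 of `UINT_MAX` (which is what a negative argument converts to) wraps to a small allocation while `memcpy` still copies `data_len` bytes. The sketch below shows that size calculation next to a hardened variant; `posted_alloc_size` and `copy_data_checked` are hypothetical names, and the NUL terminator and `out_len` parameter are assumptions about what a caller would need.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HEADER "HEADER: "
#define HEADER_SIZE 8u

/* Size the posted code hands to malloc(): both operands are unsigned int,
 * so the sum is reduced modulo UINT_MAX + 1 before malloc ever sees it. */
unsigned int posted_alloc_size(unsigned int data_len)
{
    return data_len + HEADER_SIZE;
}

/* Hardened variant (hypothetical name, not from the post). Returns a
 * NUL-terminated buffer and stores its length in *out_len, or returns
 * NULL on invalid input or allocation failure. */
char *copy_data_checked(const char *data, size_t data_len, size_t *out_len)
{
    char *buf;

    if (data == NULL && data_len != 0)
        return NULL;                     /* refuse a NULL source */
    if (data_len > SIZE_MAX - HEADER_SIZE - 1)
        return NULL;                     /* header + data + NUL would wrap */

    buf = malloc(HEADER_SIZE + data_len + 1);
    if (buf == NULL)
        return NULL;

    memcpy(buf, HEADER, HEADER_SIZE);
    if (data_len != 0)
        memcpy(buf + HEADER_SIZE, data, data_len);
    buf[HEADER_SIZE + data_len] = '\0';  /* safe to treat as a C string */

    if (out_len != NULL)
        *out_len = HEADER_SIZE + data_len;
    return buf;
}
```

In real use the length should also be capped at an application-defined maximum, since a size that does not wrap can still be far larger than the memory `data` actually points to.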


 

Copyright 2010, SecurityFocus