-
February 20th, 2003, 03:02 PM
#1
Basic Integer Overflows
I was reading phrack and noticed this neat lil' article on integer overflows... i found it quite interesting and already have to start working on protecting some of my scripts
--[ Conclusion
Integer overflows can be extremely dangerous, partly because it is
impossible to detect them after they have happened. If an integer overflow
takes place, the application cannot know that the calculation it has
performed is incorrect, and it will continue under the assumption that it
is. Even though they can be difficult to exploit, and frequently cannot be
exploited at all, they can cause unepected behaviour, which is never a good
thing in a secure system.
Code:
/* ex1.c - loss of precision */
#include <stdio.h>
int main(void){
int l;
short s;
char c;
l = 0xdeadbeef;
s = l;
c = l;
printf("l = 0x%x (%d bits)\n", l, sizeof(l) * 8);
printf("s = 0x%x (%d bits)\n", s, sizeof(s) * 8);
printf("c = 0x%x (%d bits)\n", c, sizeof(c) * 8);
return 0;
}
/* EOF */
The output of which looks like this:
nova:signed {48} ./ex1
l = 0xdeadbeef (32 bits)
s = 0xffffbeef (16 bits)
c = 0xffffffef (8 bits)
taken from http://www.phrack-dont-give-a-****-a....php?p=60&a=10
yeah, I\'m gonna need that by friday...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|