Thread: buffer overflow

  1. #1 (Senior Member, joined Mar 2004, 557 posts)
    Hi

    I like your approach to learning about buffer overflows. As for answering
    your question:

    Simply put, all buffer overflows have in common that you are using some
    fixed buffer, or you allow the user (or service) to specify the buffer to be
    allocated. While the latter seems strange, some (older) applications still
    in use today actually trust their clients, allowing for this scenario.

    Because of this generic character, it is impossible to give a complete
    list (I wouldn't be able to). Sure, check for strcpy, scanf etc., but, more
    generally, check all parts of your code where user (or service/protocol/...)
    input from "outside" is used, directly or, harder to detect, indirectly.
    For example, with your little server: what happens with the recv-buffer?
    When do you use it, and where does it have some impact?

    Furthermore, which OS do you use, which programming language, which
    framework? It all depends, in particular the existence of a vulnerability:
    even if you have found a security flaw, a vulnerable state which
    allows one to reach a compromised state using authorised transitions may not
    exist at all.

    If you post reasonable code snippets, I will try to have a look at them.

    Cheers, and good luck.

    P.S. Nowadays, fuzzers are becoming more and more popular. What kind of protocol
    are you using? You may find one that will be appropriate to find some flaw
    in your program.

    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
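The recv-buffer question in the post above, as an added example that is not part of the original post or the asker's server: a hypothetical length-prefixed "login" message of the kind a small TCP server might parse after recv(), with the handler that trusts the client-supplied length byte and a fixed 16-byte stack buffer beside a handler that bounds every copy by what was actually received and by the destination size. The wire format, the function names and the three sample messages are assumptions constructed for illustration; the vulnerable variant is only ever called here on a well-formed message, because calling it on the bad one would smash the stack.

```c
/* Added example, not the poster's code. Hypothetical wire format:
 *   [1-byte name length][name bytes]
 * received straight from recv() into a byte buffer. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NAME_MAX 16   /* fixed stack buffer, the first ingredient of the bug */

/* Constructed sample messages (not captured traffic). */
static const uint8_t MSG_OK[]    = { 5, 'a', 'l', 'i', 'c', 'e' };            /* honest */
static const uint8_t MSG_SHORT[] = { 10, 'a', 'b' };                          /* claims more than sent */
static const uint8_t MSG_BAD[]   = { 200, 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A' }; /* length lies */

/* Vulnerable: trusts the length byte and never looks at how many bytes
 * arrived. With MSG_BAD, memcpy writes 200 bytes into a 16-byte buffer
 * (and reads past the 9-byte message), overwriting the saved return
 * address. strcpy(name, recvbuf) has the same shape when the payload
 * carries no early NUL. Shown for the pattern; do not feed it untrusted data. */
int login_vulnerable(const uint8_t *recvbuf, size_t received)
{
    char name[NAME_MAX];
    size_t len = recvbuf[0];
    (void)received;                  /* never consulted: the client decides */
    memcpy(name, recvbuf + 1, len);  /* no check against sizeof name */
    name[len] = '\0';
    return (int)len;
}

/* Hardened: both bounds checked before any copy. Returns the name length,
 * or -1 (and copies nothing) for a message that lies or does not fit. */
int login_safe(const uint8_t *recvbuf, size_t received, char *name, size_t namesz)
{
    if (received < 1) return -1;
    size_t len = recvbuf[0];
    if (len > received - 1) return -1;   /* claims more bytes than arrived */
    if (len >= namesz) return -1;        /* would not fit together with the NUL */
    memcpy(name, recvbuf + 1, len);
    name[len] = '\0';
    return (int)len;
}

/* How many bytes login_vulnerable would write past the end of name[] for a
 * given message (0 means it fits). Handy when auditing a capture by hand. */
size_t overflow_bytes(const uint8_t *recvbuf, size_t received)
{
    if (received < 1) return 0;
    size_t written = (size_t)recvbuf[0] + 1;   /* payload plus the NUL */
    return written > NAME_MAX ? written - NAME_MAX : 0;
}

int main(void)
{
    char name[NAME_MAX];
    printf("safe, MSG_OK    -> %d\n", login_safe(MSG_OK, sizeof MSG_OK, name, sizeof name));
    printf("safe, MSG_SHORT -> %d\n", login_safe(MSG_SHORT, sizeof MSG_SHORT, name, sizeof name));
    printf("safe, MSG_BAD   -> %d\n", login_safe(MSG_BAD, sizeof MSG_BAD, name, sizeof name));
    printf("vulnerable handler would overrun name[] by %zu bytes on MSG_BAD\n",
           overflow_bytes(MSG_BAD, sizeof MSG_BAD));
    return 0;
}
```

Both things the post names are present in the vulnerable handler: a fixed buffer, and a size the client gets to choose. Either check alone is not enough; a length that fits the buffer but exceeds what was received (MSG_SHORT) is a read past the end of the recv data, not a write, but it still leaks whatever sat there into the parsed name.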

  2. #2 (Junior Member, joined Dec 2006, 22 posts)
    First of all, thanks sec_ware!
    The protocol running is TCP. I tried to send data and triggered the overflow, and when watching OllyDbg I saw that EIP is overwritten by this address: 000012FF (no matter if I'm sending 1 byte more or 500 bytes more). I want to know if this is a well-known address or something common?

    If someone knows a good article (and programs) about fuzzers, I'd appreciate their help.
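Added example for the EIP question above, not code from either poster: the usual way to find out which bytes of the sent data end up in EIP is to send a non-repeating pattern instead of a run of identical bytes, read the value the debugger shows in EIP, and look those four bytes up in the pattern. The offset you get is the number of bytes that come before the saved return address. The pattern format (the familiar Aa0Aa1...), the function names and the sample values are assumptions; the one thing to get right on x86 is byte order, since the debugger displays EIP as a number whose lowest byte was the first byte in memory.

```c
/* Added example, not the poster's code. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PATTERN_MAX 20280   /* 26 * 26 * 10 triplets of 3 bytes */

/* Fill buf with the pattern Aa0Aa1Aa2...Ab0...; every 4-byte window is
 * unique within the first PATTERN_MAX bytes. Returns bytes written. */
size_t pattern_create(char *buf, size_t n)
{
    size_t i = 0;
    for (char u = 'A'; u <= 'Z'; u++)
        for (char l = 'a'; l <= 'z'; l++)
            for (char d = '0'; d <= '9'; d++) {
                char trip[3] = { u, l, d };
                for (int k = 0; k < 3; k++) {
                    if (i >= n) return i;
                    buf[i++] = trip[k];
                }
            }
    return i;
}

/* Offset of the 4 bytes `needle` (in memory order) inside a pattern of
 * length n, or -1 if they do not occur. That offset is how many bytes
 * precede the ones that land in the saved return address. */
long pattern_offset(const unsigned char *needle, size_t n)
{
    static char pat[PATTERN_MAX];
    if (n > sizeof pat) n = sizeof pat;
    size_t len = pattern_create(pat, n);
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(pat + i, needle, 4) == 0) return (long)i;
    return -1;
}

/* Take EIP as the debugger prints it (a 32-bit number) and undo the
 * little-endian order before searching: the low byte was first in memory. */
long pattern_offset_eip(uint32_t eip, size_t n)
{
    unsigned char needle[4] = {
        (unsigned char)(eip & 0xff),
        (unsigned char)((eip >> 8) & 0xff),
        (unsigned char)((eip >> 16) & 0xff),
        (unsigned char)((eip >> 24) & 0xff),
    };
    return pattern_offset(needle, n);
}

int main(void)
{
    /* Constructed value: what EIP would show if bytes 268..271 of a
     * 500-byte pattern ("i9Aj" in memory) were popped into it. */
    uint32_t eip_seen = 0x6a413969u;
    printf("EIP %08x -> offset %ld\n", eip_seen, pattern_offset_eip(eip_seen, 500));
    /* A value not made of pattern bytes means the overwrite did not come
     * straight from your data; -1 tells you to look elsewhere. */
    printf("EIP %08x -> offset %ld\n", 0u, pattern_offset_eip(0u, 500));
    return 0;
}
```

Sending 500 bytes of this pattern in place of the 500 identical bytes, then reading EIP in OllyDbg and feeding it to pattern_offset_eip, gives the exact position of the return address in the message; a -1 result means the four bytes in EIP did not come directly from the pattern and the crash needs a closer look at the stack.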

