...He copies null-terminated strings.
And the hackers wanted in.
"I don't know who this function is, but I want him and his thread dead!"
He had one loop iteration. And his loop iteration was to copy data from one memory location to another.
Brian Kernighan...
"Listen to me! These are my null-terminated strings and I'm not going to let them overflow my buffers!"
"You have to get out of here! They're trying to kill -9 you!"
Filled with breakpoints:
"Everybody get down!"
..And more breakpoints:
"Everybody get down again!"
They didn't know where the allocated memory was...
"¡10011101 10110111!"
"Listen to me! They're trying to overflow my buffers, you have to get out of here!"
...
One man page, one post-condition. Brian Kernighan this summer is--
"NNNUUUUULLLLLLL!"
--... Little strcpy() Boy.
Pablo Francisco is one funny dude. I'll just say that much. And I will also say this: buffer overflows are no laughing matter when it comes to security issues. So yeah, these are the kinds of posts you will get from me when I have absolutely nothing beneficial to say whatsoever.
But wait, I do have something to say! I added a couple of links to pezad.com now, so we can actually use the site for linking to everything that pezad is involved in. EXIT_SUCCESS, baby!
1 comment:
Oh Pablo, how I neither lament, nor rue your comedy. That's one funny pup, and it's even better when you go and put your own twist on it!
Post a Comment