From owner-freebsd-security Sun Feb 9 10:58:25 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA00299 for security-outgoing; Sun, 9 Feb 1997 10:58:25 -0800 (PST)
Received: from freon.republic.k12.mo.us (rholland@freon.republic.k12.mo.us [204.184.196.100]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA00292 for ; Sun, 9 Feb 1997 10:58:19 -0800 (PST)
Received: (from rholland@localhost) by freon.republic.k12.mo.us (8.8.5/8.6.9) id MAA02371; Sun, 9 Feb 1997 12:57:33 -0600
Date: Sun, 9 Feb 1997 12:57:33 -0600 (CST)
From: Richard Holland
To: freebsd-security@FreeBSD.ORG
Subject: buffer overruns
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

With all of this locale stuff going on, it made me realize that I actually don't know what a buffer overrun is. However, I am learning C at the moment and have a basic idea down: I know that in C, a variable takes up a certain amount of memory; for example, type char is usually 1 byte, so stating

    char var;

in your code sets aside 1 byte of memory. So if you then said

    var = 'blah'

you would step into other memory addresses, right?

So the setlocale bug is this, only put differently. It allocates X amount of bytes for the buffer, and people put too much junk into it, causing it to step into other memory addresses.

If I am right here, how would you know just how far you have to go over and what the characters need to be once you get that far?

Of course I could be totally wrong here. Realize that I am just now covering pointers in the book I am reading on C :)

/////////////////////////////////////////////////////////////////////////////
Richard A. Holland                      * Systems Administrator
rholland@freon.republic.k12.mo.us       * UNIX consulting
HANGER@getonthe.net                     * Network Security
hangar@irc
--------------------(FreeBSD,OpenBSD,NetBSD,Linux,AIX)----------------------
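The mechanism the post describes (a fixed-size buffer with a neighbouring variable right after it, and a copy that does not check the length) can be made concrete in a few lines of C. The following is an added example, not code from the original message or from FreeBSD's setlocale; the struct, field names and functions are constructed for illustration. It shows where the "other memory addresses" are (the field laid out directly after the buffer), keeps the unchecked copy pattern beside a bounded version that refuses input that will not fit, and never actually performs the overrun, since writing past the buffer is undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: two fields laid out back to back, as a C compiler
 * normally does.  An overrun of buf lands in admin. */
struct record {
    char buf[8];   /* room for 7 characters plus the terminating NUL */
    int  admin;    /* a neighbouring field an overrun would clobber */
};

/* Bytes between the end of buf and the start of admin; 0 means the two
 * fields are adjacent, so the 8th character written already hits admin. */
size_t gap_after_buf(void)
{
    size_t buf_end = offsetof(struct record, buf) + sizeof(((struct record *)0)->buf);
    return offsetof(struct record, admin) - buf_end;
}

/* The unchecked pattern the post asks about: strcpy stops only at the
 * source's NUL, so a source longer than 7 characters runs past buf. */
void set_name_unchecked(struct record *r, const char *src)
{
    strcpy(r->buf, src);
}

/* Bounded version: measure first, reject anything that does not fit,
 * and copy the NUL along with the characters.  Returns 0 on success,
 * -1 when the input is rejected (r is left untouched in that case). */
int set_name(struct record *r, const char *src)
{
    size_t n = strlen(src);
    if (n >= sizeof r->buf)          /* need n characters plus the NUL */
        return -1;
    memcpy(r->buf, src, n + 1);
    return 0;
}

/* Exercises the bounded copy with a short and an over-long (constructed)
 * input.  Returns 1 if the short one is stored, the long one is rejected,
 * and the neighbouring field is never disturbed; 0 otherwise. */
int demo_bounded_copy(void)
{
    struct record r;
    r.admin = 0;

    if (set_name(&r, "short") != 0 || strcmp(r.buf, "short") != 0 || r.admin != 0)
        return 0;

    /* 20 characters cannot fit in an 8-byte buffer: must be refused. */
    if (set_name(&r, "way too long for buf") != -1)
        return 0;

    /* Rejection left both the buffer and its neighbour untouched. */
    return strcmp(r.buf, "short") == 0 && r.admin == 0;
}

int main(void)
{
    printf("bytes between buf and admin: %zu\n", gap_after_buf());
    printf("bounded copy behaves as expected: %s\n",
           demo_bounded_copy() ? "yes" : "no");
    return 0;
}
```

The point of `gap_after_buf()` is that on the usual layout it returns 0: there is nothing between the end of `buf` and the start of `admin`, which is exactly why an unchecked `strcpy` of a long string changes a variable the program never assigned. The fix is not cleverness about what lands where; it is the length check in `set_name`, which makes the buffer size the only thing that matters.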