show your code

topic posted Fri, August 1, 2003 - 1:46 PM by dmuz
demonstrate your own superiority and stroke your own ego at the same time: post some fuckin leet code.

I'll start with a simple entry so as not to intimidate those not familiar with the mighty power of the moon.

sec.angrypacket.com/code/hex0r.pl
  • find the bug

    Tue, November 25, 2003 - 12:09 AM
    Assume the first argument of this function is a pointer to a buffer containing a compressed DNS name as received off the network. The first byte of a compressed label is the length of the following text. What is wrong with this code, other than it provides no status (for brevity), and therefore does not check function returns etc.? Explain for the less l33t haX0rs in the tribe.

    #include <string.h>

    void decode_label(char* input, char* buf, int buf_len)
    {
        int label_len = *input;

        if (label_len < buf_len) {
            memcpy(buf, input + 1, label_len);
        }
    }
    • Solution

      Wed, November 26, 2003 - 12:43 PM
      If the first byte in buf is 0x80 or higher, then the value assigned to label_len is negative, since char is a signed type. The assignment does an implicit integer promotion, so the char 0x80 would become the int 0xFFFFFF80. If all values in an integer expression can be expressed by signed integers, then all values are promoted to ints and the expression evaluated. In this case, the values in the if() conditional are both ints, so the comparison is signed. So, it is essentially "if (-128 < buf_len)", which evaluates to TRUE. When label_len is passed as the length specifier to memcpy(), it is converted to an unsigned int implicitly, which results in a copy of 4294967168 bytes starting at input + 1 to buf :/
      • Re: Solution

        Wed, November 26, 2003 - 4:07 PM
        Why yes. Do you take off your hands and head when you go to sleep? If so, are you some kind of robot....
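
The sign-extension behaviour described in the Solution post, shown next to a checked version of the function. This is an added example, not code from any poster in the thread. The names `original_check_passes`, `length_passed_to_memcpy` and `decode_label_checked`, the extra `input_len` parameter, and the 63-byte label limit (taken from RFC 1035) are assumptions that do not appear in the thread.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Does the original test `label_len < buf_len` pass for this length byte?
   The signed char cast makes explicit what plain char does where char is signed. */
int original_check_passes(unsigned char wire_byte, int buf_len)
{
    int label_len = (signed char)wire_byte;   /* 0x80 becomes -128 */
    return label_len < buf_len;
}

/* The count memcpy() would receive: the negative int converted to size_t. */
size_t length_passed_to_memcpy(unsigned char wire_byte)
{
    int label_len = (signed char)wire_byte;
    return (size_t)label_len;
}

/* Checked variant (hypothetical name and signature). Returns the label length,
   or -1 if the label is rejected. input_len is an added parameter: the number
   of bytes actually available at input. */
int decode_label_checked(const unsigned char *input, size_t input_len,
                         char *buf, size_t buf_len)
{
    size_t label_len;

    if (input == NULL || buf == NULL || input_len < 1)
        return -1;
    label_len = input[0];              /* unsigned read: always 0..255 */
    if (label_len > 63)                /* RFC 1035 limit; larger is a pointer or reserved */
        return -1;
    if (label_len > input_len - 1)     /* label runs past the received data */
        return -1;
    if (label_len >= buf_len)          /* leave room for the terminator */
        return -1;
    memcpy(buf, input + 1, label_len);
    buf[label_len] = '\0';
    return (int)label_len;
}

int main(void)
{
    unsigned char pkt[] = { 3, 'w', 'w', 'w' };   /* constructed sample label */
    char out[16];
    printf("0x80 passes original check: %d\n", original_check_passes(0x80, (int)sizeof out));
    printf("checked decode: %d\n", decode_label_checked(pkt, sizeof pkt, out, sizeof out));
    return 0;
}
```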
