Monday, July 23, 2007

WTF... dangling pointer exploits?!

This article points to a potential technique for exploiting dangling pointers?

I have no idea how they can get something useful from a dangling pointer... any ideas?

2 comments:

luijo said...

Hell, I don't even know what a dangling pointer is.. :|

For the curious programmers, Dangling Pointers..

hobbes' consultant said...

#include <stdlib.h>   /* malloc, free */

Object *p = (Object *) malloc (sizeof(Object));

work_on_p(p);     /* fine: p points to a live allocation */

free(p);          /* the block is released, but p still holds its old address */

work_more_p(p);   /* use after free: p is now a dangling pointer */

In essence, p still points to what was once a valid Object, but that memory was freed and what p points to is no longer guaranteed...

after the free(), p should be assigned to NULL...

Still, how the hell they manage to get their own data into p, I have Nooooo idea...
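The comment above ends on the fix (assign NULL after free). The following is an added example, not code from the post or its commenters, that carries the same malloc / work / free / work-again sequence through with that fix applied. The Object type, the SAFE_FREE macro and the work_more_p body are assumptions made for the example; the point is that a nulled pointer turns a silent use-after-free into an explicit, checkable error.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical Object type, assumed for this example. */
typedef struct {
    int  id;
    char name[32];
} Object;

/* Release the block and null the caller's pointer in one step, so a later
 * use trips a NULL check instead of reading whatever now occupies the
 * freed memory. Takes the address of the pointer (Object **). */
#define SAFE_FREE(pp) do { free(*(pp)); *(pp) = NULL; } while (0)

/* Returns 0 on success, -1 if handed a NULL (already released) object. */
int work_more_p(Object *p)
{
    if (p == NULL) {
        return -1;              /* refuse to touch a released object */
    }
    p->id += 1;
    return 0;
}

/* Runs the lifecycle from the comment: allocate, use, release, use again.
 * Because the release nulls p, the second call is caught and the function
 * returns -1 instead of dereferencing freed memory. Returns -2 on OOM. */
int lifecycle_with_safe_free(void)
{
    Object *p = (Object *) malloc(sizeof(Object));
    if (p == NULL) {
        return -2;
    }
    p->id = 41;
    strncpy(p->name, "demo", sizeof p->name - 1);
    p->name[sizeof p->name - 1] = '\0';

    int rc = work_more_p(p);    /* valid use: rc == 0 */
    (void) rc;

    SAFE_FREE(&p);              /* block freed, p == NULL, not dangling */

    return work_more_p(p);      /* caught by the NULL check: -1 */
}

/* Returns 1 if the local pointer is NULL after SAFE_FREE, 0 otherwise. */
int pointer_is_nulled_after_free(void)
{
    Object *p = (Object *) malloc(sizeof *p);
    if (p == NULL) {
        return 0;
    }
    SAFE_FREE(&p);
    return p == NULL;
}

int main(void)
{
    printf("post-free call returned %d (expected -1)\n", lifecycle_with_safe_free());
    printf("pointer nulled after free: %d (expected 1)\n", pointer_is_nulled_after_free());
    return 0;
}
```

One caveat worth keeping in mind: SAFE_FREE only clears the one variable it is given. If the same address was copied into another pointer, a struct field, or a container, those aliases stay dangling, which is why the NULL-after-free habit is a mitigation rather than a complete fix; ownership discipline (one clear owner per allocation) and tools such as AddressSanitizer are what catch the remaining cases.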