Fork me on GitHub
Its the Code garbage collector. Mind dumps of daily coding antics from a frustrated silly little man. VBS, PHP, TCL, TK, PERL, C++, JAVA....what now? Ruby?
No Wait.. It should be just RUBY!


Google Codesearch - Finding Vulns

Google Codesearch is a newer item in the google lab (Early October ). I like the functionality, but making all the code searchable will always find the bodies in the closet that not everyone wants to see.. The Google hacking database GHDB has been talking about it for awhile along with other noteable persons in the field.. just wondering if ISC/DSHIELD was interested in the topic for discussion..

The Search:

Simple Buffer Overflows
Link: wikipedia Buffer_overflow

lang:"c" strcpy buffer argv

or simply

buffer "should be big enough"

Using Google Code Search:

Found Examples of InSecure (Purposeful) Coding..Google Code Search

/* vuln.c */


int main(int argc, char * argv [])
char buffer [500];

if (argc > 1)
strcpy(buffer, argv[1]);
return (0);

Finding Examples of correct implentation..Google Code Search

*hostdir = malloc(sizeof(char[strlen(argv[1])+1]));

/* separate hostname and dirname from 'hostname:dirname' format */

strcpy(hostdir, argv[1]);

Possible Example of Real Vulnerability Finding... in Nachos Example Operating System

#ifdef DEBUG
int main (int argc, char *
argv[]) {
char buffer[80];
printf ("string = %s.\n", strcpy (buffer, argv

Link:Google Code Search

Site:Nachos URL

No comments: