
Code Security

Name: Anonymous 2007-04-10 3:25 ID:oSbmDWg8

Is it possible to write code in C and not be vulnerable to buffer overflows? Or is this a fool's errand?

Name: Anonymous 2007-04-10 12:10 ID:fNMP8FyN

>>4,
>>3 just told you exactly what NOT to do you fucking idiot.

OF COURSE IT'S FUCKING POSSIBLE TO WRITE C CODE WITHOUT BoFs. If it was not, no one would use C, for fuck's sake.

Here's a small example avoiding buffer overflows

char buffer[100]; // 100 bytes storage here
fgets(buffer, 100, stdin); // no buffer overflows


Here's a buffer overflow
char buffer[10000]; // 10.000 bytes storage here
scanf("%s", buffer); // here's the BoF part..

Let's compile and exploit the second one..


[anonymous@post ~]$ gcc bof.c -o bof
[anonymous@post ~]$ perl -e 'print "A"x10001' | ./bof


simple.
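Added example, not part of either post: the fgets pattern above, extended to report and discard an over-long line instead of leaving the excess in the stream for the next read. The names read_line, line_status and stream_from are hypothetical, and the input is constructed (the 10001 'A's from the post, then a second line).

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Read one line into dst (cap bytes, NUL included); never writes past dst.
 * Characters beyond cap-1 are discarded and reported as LINE_TRUNCATED. */
static enum line_status read_line(FILE *in, char *dst, size_t cap)
{
    if (cap == 0 || cap > INT_MAX) return LINE_EOF;
    if (fgets(dst, (int)cap, in) == NULL) {   /* EOF or read error */
        dst[0] = '\0';
        return LINE_EOF;
    }
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') {        /* the whole line fitted */
        dst[n - 1] = '\0';
        return LINE_OK;
    }
    int c, dropped = 0;                       /* drain the rest of the line */
    while ((c = fgetc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed input: copy text into a temporary file rewound for reading. */
static FILE *stream_from(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(text, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    static char input[10010];
    char buffer[100];
    memset(input, 'A', 10001);                /* same payload as the post */
    strcpy(input + 10001, "\nnext\n");
    FILE *f = stream_from(input);
    if (f == NULL) return 1;
    printf("status=%d\n", read_line(f, buffer, sizeof buffer));
    fclose(f);
    return 0;
}
```

If scanf has to stay, the bounded form for the 100-byte buffer is scanf("%99s", buffer), with the field width one less than the array size.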
