[Security] Matasano C++ code review challenge
aestetix aestetix
aestetix at gmail.com
Tue Oct 13 18:28:43 UTC 2009
http://chargen.matasano.com/chargen/2009/10/9/a-c-challenge.html
>From their blog post:
"C++ lends itself to much more
complex<http://em386.blogspot.com/2009/06/fun-with-erase.html>
vulnerabilities<http://taossa.com/index.php/2007/01/03/attacking-delete-and-delete-in-c/>then
plain old C. From templates to string classes, C++ raises the skill
level required to play the memory corruption game. And while the quality of
C/C++ code we see has increased dramatically over the years, a lot of
developers still don’t understand the more obscure C++ bug classes. I
recently found a vulnerable C++ code pattern that I wanted to share with our
readers. But instead of just writing some boring technical blog post,
Matasano would like to present a C++ audit challenge to our audience. It
consists of a contrived vulnerability that follows the same vulnerable code
pattern. "
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/security/attachments/20091013/4cecdd34/attachment-0002.html>
More information about the Security
mailing list