InfoSect's Month of Pointless Bugs (#24)

InfoSect, Canberra's hackerspace, regularly runs public group sessions to perform code review and vulnerability discovery. Over the next 30 days, I'll highlight the source code of 30 unknown vulnerabilities.

Bug #24

In the omega-rpg game:

void player_dump( void )
{
  FILE *dumpfile;
  char dump_name[ 32 ];
        
  /* build player dump file name as "charactername.txt" */
  strncpy( dump_name, Player.name, 27 );

  strcat( dump_name, ".txt" );


strncpy is not guaranteed to NUL terminate. This might lead to a buffer overflow in the proceeding strcat.

Popular posts from this blog

Empowering Women in Cybersecurity: InfoSect's 2024 Training Initiative

C++ Memory Corruption (std::string) - part 4

C++ Memory Corruption (std::vector) - part 2