 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / Languages / C# / February 2008Michael Howard's Spot the security bug problem.
Do anyone know the answer to this problem? Int16 req; ... while (true) { getRequest(); req++; arr[req] = DateTime.Now; } Can you spot this code flaw? From this link... http://msdn2.microsoft.com/en-us/library/ms972827.aspx - Mugunth Well, eventually req could wrap around (assuming unchecked), causing an OutOfRangeException due to -ve index, but...? Nothing obviously security related, (assuming that everything we need to know is in the question). Marc Hello Marc, > Well, eventually req could wrap around (assuming unchecked), causing > an OutOfRangeException due to -ve index, but...? Nothing obviously > security related, (assuming that everything we need to know is in the > question). That means that if you send it enough requests the app will crash pretty quickly, which could be seen as a DoS attack. Though I find it a bit far fetched in the context it is presented. -- Jesse Houwing jesse.houwing at sogeti.nl I don't know if we really have enough info, but index 0 *appears* to be skipped. while (true) { getRequest(); arr[req] = DateTime.Now; req++; } > Do anyone know the answer to this problem? > [quoted text clipped - 13 lines] > - > Mugunth Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.