I was reading a paper and saw that this piece of code has an information leakage vulnerability. It was saying the following code will leak memory layout information to the attackers.
Could somebody please explain to me how this leaks information?

    struct userInfo {
        char username[16];
        void* (*printName)(char*);
    } user;
    ...
    user.printName = publicFunction;
    ...
    n = attacker_controllable_value; // 20
    memcpy(buf, user.username, n); // get function ptr
    SendToServer(buf);

I can see memcpy will give an exception, but why should it return a memory address to the attacker (or whatever it is returning)?
Thanks in advance
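An added example, not code from the paper or from the poster: it shows that a copy longer than 16 bytes carries the bytes of `printName` into the outgoing buffer, and that clamping the length to the size of `username` keeps them out. The address of a function tells the receiver where the program's code is loaded, which is the memory layout information in question. Assumptions: the body of `publicFunction`, the sample username, and a copy length of `sizeof user` instead of 20 so that the whole pointer is covered on 64-bit builds as well.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct userInfo {
    char username[16];
    void *(*printName)(char *);      /* sits directly after username */
};

/* Hypothetical stand-in for the question's publicFunction. */
static void *publicFunction(char *name) { return name; }

/* The question's copy: n is trusted. user.username starts at the same
 * address as user itself, so reading through u copies the same bytes
 * while staying defined C for any n <= sizeof *u. */
static size_t copy_unchecked(unsigned char *buf, const struct userInfo *u, size_t n)
{
    memcpy(buf, u, n);
    return n;
}

/* Hardened copy: never read more than the username field holds. */
static size_t copy_bounded(unsigned char *buf, const struct userInfo *u, size_t n)
{
    if (n > sizeof u->username)
        n = sizeof u->username;
    memcpy(buf, u->username, n);
    return n;
}

/* Returns 1 if the bytes that would go to SendToServer contain the
 * exact address of publicFunction, 0 otherwise. */
static int outgoing_buffer_reveals_pointer(int bounded)
{
    struct userInfo user = { "alice", publicFunction };   /* constructed sample */
    unsigned char buf[sizeof user] = { 0 };
    void *(*seen)(char *);

    if (bounded)
        copy_bounded(buf, &user, sizeof user);
    else
        copy_unchecked(buf, &user, sizeof user);
    memcpy(&seen, buf + offsetof(struct userInfo, printName), sizeof seen);
    return seen == publicFunction;
}

int main(void)
{
    printf("unchecked copy reveals pointer: %d\n", outgoing_buffer_reveals_pointer(0));
    printf("bounded copy reveals pointer:   %d\n", outgoing_buffer_reveals_pointer(1));
    return 0;
}
```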