National Institute of Standards and Technology
Package illustrating a test case

Test case 1509

Description

Overwriting freed memory exploit. On lines 39-40, the first chunk is overwritten even though it was freed on line 36.
This example shows an exploit: the call to malloc() on line 41 replaces the address of strcpy() with the address of the shellcode, and the call to strcpy() on line 42 invokes the shellcode.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 121, Figure 4-22

Flaws
