Description
Overwriting freed memory exploit. On lines 39-40, the first chunk is overwritten even though it was freed on line 36.
This example shows an exploit: the call to malloc() on line 41 replaces the address of strcpy() with the address of the shellcode, and the call to strcpy() on line 42 invokes the shellcode.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 121, Figure 4-22
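A defensive counterpart to the flaw described above, added here as an illustration; it is not the test case's code and not the figure from the book. The helpers free_and_clear() and checked_copy() are hypothetical names: clearing the pointer at free time turns a later write through it into a detectable error instead of a silent overwrite of a freed chunk.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: free the buffer and clear the caller's pointer,
 * so the stale address cannot be written through afterwards.
 * Note: this only protects this one pointer, not other aliases. */
static void free_and_clear(char **p)
{
    free(*p);
    *p = NULL;
}

/* Hypothetical helper: bounded copy that rejects a NULL destination
 * and any source that does not fit, terminator included. */
static int checked_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t n = strlen(src);
    if (n >= dst_size)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Reproduces the order of operations in the description (allocate,
 * free, then write to the first chunk) with the write going through
 * the checked helper. Returns the result of the late write. */
static int demo_write_after_free(void)
{
    char *first = malloc(24);
    if (first == NULL)
        return -2;
    if (checked_copy(first, 24, "in use") != 0) {
        free(first);
        return -3;
    }
    free_and_clear(&first);

    /* In the flawed pattern this write would land in freed memory and
     * could corrupt allocator metadata. Here first is NULL, so the
     * write is refused. */
    return checked_copy(first, 24, "late write");
}
```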
Flaws