Reply to post: Typical

Memcached has a crash-me bug, but hey, only about 83,000 public-facing servers appear to be running it

Michael Wojcik Silver badge


Tainted data used as the length argument to memcpy. That's not even a mistake; it's laziness, pure and simple.

Of course even in this code snippet we have C code written by someone who doesn't know that sizeof is an operator, not a function, and its argument does not need to be parenthesized unless it's a type name.

Most developers simply don't have the discipline to write in C.

And an unconstrained overflow of an automatic-storage-class[1] very likely is an RCE vulnerability on popular platforms. It's the classic RCE, going back to Levi and to Morris before him.

[1] "Stack", though C does not require a traditional contiguous stack, and the language does not use that term.
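Added example, not part of the comment above and not memcached's code: a length field taken from the request is checked against both the bytes actually received and the size of the automatic-storage destination before it reaches memcpy. The wire format, `handle_request` and `KEY_MAX` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_MAX 32 /* constructed limit for this example */

/* Constructed wire format: 4-byte big-endian key length, then the key bytes.
 * Returns the key length on success, -1 if the request is rejected. */
int handle_request(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_size)
{
    char key[KEY_MAX + 1]; /* automatic storage: what an unchecked copy would overrun */
    size_t key_len;

    if (pkt_len < 4)
        return -1; /* too short to hold the length field */
    key_len = ((size_t)pkt[0] << 24) | ((size_t)pkt[1] << 16) |
              ((size_t)pkt[2] << 8) | (size_t)pkt[3];

    /* The unchecked pattern would be: memcpy(key, pkt + 4, key_len); */
    if (key_len > pkt_len - 4)
        return -1; /* claims more bytes than were received (over-read) */
    if (key_len > sizeof key - 1)
        return -1; /* would not fit the destination (overflow) */
    if (key_len + 1 > out_size)
        return -1; /* caller's buffer is too small */

    memcpy(key, pkt + 4, key_len);
    key[key_len] = '\0';
    memcpy(out, key, key_len + 1);
    return (int)key_len;
}

int main(void)
{
    /* Constructed sample requests. */
    const uint8_t ok[] = {0, 0, 0, 3, 'f', 'o', 'o'};
    const uint8_t lying[] = {0xff, 0xff, 0xff, 0xff, 'f', 'o', 'o'};
    char out[KEY_MAX + 1];

    printf("well-formed: %d\n", handle_request(ok, sizeof ok, out, sizeof out));
    printf("oversized length: %d\n", handle_request(lying, sizeof lying, out, sizeof out));
    return 0;
}
```

Both bounds matter: the first stops reads past the received data, the second stops writes past the local buffer.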


Biting the hand that feeds IT © 1998–2021