The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by John McDonald & Mark Down & Justin Schuh
Author:John McDonald & Mark Down & Justin Schuh [McDonald, John]
Language: eng
Format: epub
Publisher: Pearson Education
Published: 2006-11-19T23:00:00+00:00
* * *
Extraneous Delimiters
You know that standard library functions expect to see environment variables with the NAME=VALUE format. However, consider the case where you have a variable formatted like this:
NAME=LASTNAME=VALUE=ADDEDVALUE
Variations in how environment variables are formatted can be important, depending on how the algorithms responsible for fetching and storing values are implemented. Bugs of this nature have surfaced in the past in how the libc functions setenv()/unsetenv() work. The following is a quote from a post made by a security researcher named David Wagner (the post can be read in full at http://archives.neohapsis.com/archives/linux/lsap/2000-q3/0303.html):
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
| Coding Theory | Localization |
| Logic | Object-Oriented Design |
| Performance Optimization | Quality Control |
| Reengineering | Robohelp |
| Software Development | Software Reuse |
| Structured Design | Testing |
| Tools | UML |
Deep Learning with Python by François Chollet(12570)
Hello! Python by Anthony Briggs(9915)
OCA Java SE 8 Programmer I Certification Guide by Mala Gupta(9796)
The Mikado Method by Ola Ellnestam Daniel Brolund(9778)
Dependency Injection in .NET by Mark Seemann(9339)
Algorithms of the Intelligent Web by Haralambos Marmanis;Dmitry Babenko(8297)
Test-Driven iOS Development with Swift 4 by Dominik Hauser(7763)
Grails in Action by Glen Smith Peter Ledbrook(7696)
The Well-Grounded Java Developer by Benjamin J. Evans Martijn Verburg(7557)
Becoming a Dynamics 365 Finance and Supply Chain Solution Architect by Brent Dawson(7073)
Microservices with Go by Alexander Shuiskov(6839)
Practical Design Patterns for Java Developers by Miroslav Wengner(6760)
Test Automation Engineering Handbook by Manikandan Sambamurthy(6700)
Secrets of the JavaScript Ninja by John Resig Bear Bibeault(6413)
Angular Projects - Third Edition by Aristeidis Bampakos(6104)
The Art of Crafting User Stories by The Art of Crafting User Stories(5633)
NetSuite for Consultants - Second Edition by Peter Ries(5567)
Demystifying Cryptography with OpenSSL 3.0 by Alexei Khlebnikov(5373)
Kotlin in Action by Dmitry Jemerov(5062)
