

A C++ Challenge - The Conclusion - gthank
http://chargen.matasano.com/chargen/2009/10/15/a-c-challenge-the-conclusion.html

======
thras
The first link mentioned in the article was a very interesting read.

[http://timetobleed.com/defeating-the-matasano-c-challenge-wi...](http://timetobleed.com/defeating-the-matasano-c-challenge-with-aslr-enabled/)

It's a fairly clear explanation. Before the language warriors come out in
force, I'll mention that it appears that all of the problems turn out to be
issues with 1) calling new and 2) C-style casts.

Exploiting the issue requires someone with a detailed knowledge of C++ inner
workings. It would have taken me a long time to figure it all out.

Avoiding the issue? Well, most modern C++ doesn't look very much like the
problem code for very good reasons.

~~~
tptacek
Joe Damato's post on this was really excellent, and I highly recommend people
read it first.

