diff --git a/poc/vuln-2.poc b/poc/vuln-2.poc index eba4958dc48bffaf58c6b5738680c0efebd5f4f8..0724af2cbbe79f5962158ba33c8573ce36b6c9c1 100644 --- a/poc/vuln-2.poc +++ b/poc/vuln-2.poc @@ -1,2 +1,3 @@ push 5 -store aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \ No newline at end of file ++ +print \ No newline at end of file diff --git a/src/vuln-2/dc.c b/src/vuln-2/dc.c index 86749423b3b86a28b0cfb20b85b7490d30744a34..bc2abf164b7a9fe4236d41712f3d81d6bc4f7bec 100644 --- a/src/vuln-2/dc.c +++ b/src/vuln-2/dc.c @@ -72,14 +72,7 @@ static void node_print(const node_t *p){ static node_t *node_new(const char *varname, const value_t value){ node_t *new = malloc(sizeof(node_t)); assert(new != NULL && "new: malloc failed"); - //new->varname = strdup(varname); - - /*---- vuln-2 ----*/ - unsigned int count = 0; - while (varname[count++] != '\0'); - new->varname = (char *)malloc((count-1) * sizeof(char)); - new->varname = memcpy(new->varname, varname, count); - + new->varname = strdup(varname); assert(new->varname != NULL && "new: strdup varname failed"); new->value = value; new->left = NULL;