Graham Sutherland

Here is a walkthrough of our solutions to two C/C++ security challenges from the new C/C++ chapter in the Testing Handbook: a Linux ping program with an inet_ntoa global buffer gotcha and command injection, and a Windows driver with registry type confusion bugs that can escalate from local DoS to a kernel write primitive.

We released a new Testing Handbook chapter providing a comprehensive security checklist for C and C++ code review, covering Linux, Windows, and seccomp environments.