OpenSharedCacheFile

From The iPhone Wiki
Revision as of 00:53, 23 March 2015 by Sjeezpwn

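The OpenSharedCacheFile bug was found by i0n1c. It is a simple stack overflow: openSharedCacheFile() builds a path in a fixed 1024-byte stack buffer using strcpy() and strcat(), with no check on the length of sSharedCacheDir.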

openSharedCacheFile() function

    int openSharedCacheFile() {
        char path[1024];                  // fixed-size stack buffer
        strcpy(path, sSharedCacheDir);    // copies with no length check
        strcat(path, "/");
        strcat(path, DYLD_SHARED_CACHE_BASE_NAME ARCH_NAME);
        return ::open(path, O_RDONLY);
    }
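
A bounded version of the same path construction, added here as an example (it is not dyld's code and not Apple's actual fix). The function names build_shared_cache_path and open_shared_cache_file_checked are hypothetical, and the two macro values are stand-ins chosen for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>

/* Stand-in values (assumptions for this example); the real ones come from dyld's headers. */
#define DYLD_SHARED_CACHE_BASE_NAME "dyld_shared_cache_"
#define ARCH_NAME "armv7"

/*
 * Build "<dir>/<base name><arch>" into out. Returns 0 on success, or -1 with
 * errno = ENAMETOOLONG if formatting fails or the result would not fit, so an
 * oversized directory is rejected instead of being written past the buffer.
 */
int build_shared_cache_path(char *out, size_t out_len, const char *dir)
{
    int n = snprintf(out, out_len, "%s/%s", dir,
                     DYLD_SHARED_CACHE_BASE_NAME ARCH_NAME);
    if (n < 0 || (size_t)n >= out_len) {
        if (out_len > 0)
            out[0] = '\0';          /* never hand back a truncated path */
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* Bounded counterpart of openSharedCacheFile(); dir plays the role of sSharedCacheDir. */
int open_shared_cache_file_checked(const char *dir)
{
    char path[1024];
    if (build_shared_cache_path(path, sizeof(path), dir) != 0)
        return -1;
    return open(path, O_RDONLY);
}

int main(void)
{
    char big[2001];                 /* constructed input: 2000 'A's, as in the trigger */
    memset(big, 'A', 2000);
    big[2000] = '\0';
    int fd = open_shared_cache_file_checked(big);
    printf("fd=%d errno=%s\n", fd, strerror(errno));
    return 0;
}
```

Rejecting the oversized value outright, rather than truncating it, avoids opening a path the caller never asked for.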

Triggering the vuln

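To trigger it, run the following:

    DYLD_SHARED_CACHE_DIR = "A" * 2000 \
    DYLD_SHARED_REGION = private /bin/launchctl

The 2000-character value overflows the 1024-byte path buffer and overwrites the saved return address that is loaded into the PC register, making it a stack overflow.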