Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

CVE-2021-31969: Underflowing in the Clouds - 570

Hossein Lotfi - Zero Day Initiative (ZDI) Posted 4 Years Ago
  • The Cloud is the way to go! Even on your desktop, you can sync cloud-based file storage with local storage. This post is about the Cloud Files API on the Windows OS.
  • The Windows Cloud Files API supports cloud sync engines and handles tasks such as creating and managing placeholder files and directories, syncing between a remote file system and the local client. For a large file, instead of taking up a massive amount of space on the computer, a placeholder is inserted.
  • When performing this file-system sync operation, there is a bug in how a changed packet length is handled. After the initial connection, the length of the point data can be set to 0. Clearly, the data being written does not have a length of 0!
  • The problem is not the length being 0 by itself; bounds checks are performed. The vulnerability is that 12 is subtracted from the length of the buffer in use during decompression.
  • With a length of 0, that subtraction causes an integer underflow and the buffer length becomes 0xFFFFFFF4. The article does not say whether the bug is exploitable; that depends on whether the resulting wildcopy can be stopped with controlled data.
  • Microsoft fixed the vulnerability by adding a check that the retrieved length is not less than 4, which makes it impossible to trigger the integer underflow.
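The unsigned arithmetic behind the underflow described above, as an added illustration that is not code from the ZDI post or from the Windows driver: a hypothetical record whose advertised length has a 12-byte header subtracted from it, the wrapping computation beside a guarded one, and a copy routine that rejects the record before any wildcopy can start. The record layout, the function names and the guard threshold (rejecting anything below the 12 bytes that are subtracted) are assumptions for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Bytes the parser subtracts from the advertised length (12, per the summary). */
#define HEADER_SIZE 12u

/* Little-endian 32-bit read from a byte buffer. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: unsigned subtraction with no lower bound.
 * An advertised length of 0 wraps to 0 - 12 = 0xFFFFFFF4. */
uint32_t payload_len_vulnerable(uint32_t data_length) {
    return data_length - HEADER_SIZE;
}

/* Hardened pattern: the length must at least cover what is subtracted from it,
 * so the subtraction cannot wrap. Returns -1 when the length is rejected. */
int64_t payload_len_checked(uint32_t data_length) {
    if (data_length < HEADER_SIZE) return -1;
    return (int64_t)(data_length - HEADER_SIZE);
}

/* Hypothetical record: [u32 data_length][8 other header bytes][payload], where
 * data_length counts the whole record. Copies the payload into dst and returns
 * the byte count, or -1 for an underflowing, truncated or oversized record. */
int64_t copy_payload(const uint8_t *rec, size_t rec_len, uint8_t *dst, size_t dst_len) {
    if (rec_len < HEADER_SIZE) return -1;
    int64_t n = payload_len_checked(rd32(rec));
    if (n < 0 || (uint64_t)n > rec_len - HEADER_SIZE || (uint64_t)n > dst_len) return -1;
    memcpy(dst, rec + HEADER_SIZE, (size_t)n);
    return n;
}

/* Constructed records: a valid one (length 16 -> 4 payload bytes) and one whose
 * length field has been set to 0, as in the bug. */
int64_t demo_valid_record(void) {
    uint8_t rec[16] = {16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 'A', 'B', 'C', 'D'}, dst[8];
    return copy_payload(rec, sizeof rec, dst, sizeof dst);   /* returns 4 */
}
int64_t demo_zero_length_record(void) {
    uint8_t rec[16] = {0}, dst[8];
    return copy_payload(rec, sizeof rec, dst, sizeof dst);   /* returns -1 */
}
```

Without the guard, `payload_len_vulnerable(0)` hands the copy routine a length of 0xFFFFFFF4, which any later size check against the destination also rejects only if that check is performed before the copy begins.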