Null Character

Dennis Faas's picture

The null character (also referred to as a null terminator) is a character with the value zero, and is used in nearly all mainstream computer programming languages.

Use as String Terminator

The character has special significance in C programming language and its derivatives, where it serves as a reserved character used to signify the end of strings, such as a sentence. The null character is often represented as the escape sequence '\0' in source code. Strings ending in a null character are said to be null-terminated.

Security Exploit: Poison Null Byte

The "poison null byte" was originally used by Olaf Kirch in a Bugtraq post in October 1998.

The "poison null byte" exploit takes advantage of how strings with a known length can contain null bytes and what happens when that string is converted for use with an API (application program interface) that uses null terminated strings.

The end result is that by carefully placing a null byte in the string, the attacker is able to force the string to end at that point, even after the application has appended more characters to the string, like for example, a filename extension.

Some examples of poison null byte usages include:

  • Terminating a file name string, such as removing a mandatory file extension.
  • Terminating / commenting a SQL statement when executing code dynamically, such as Oracle EXECUTE IMMEDIATE.

Typically, the "poison null byte" is exploited along with another type of exploit such as directory traversal or SQL injection; poison null byte is often used to simplify or enhance other attacks.

This document is licensed under the GNU Free Documentation License (GFDL), which means that you can copy and modify it as long as the entire work (including additions) remains under this license.

Rate this article: 
No votes yet