>or a little more detailed
>explanation of exactly what constitutes a buffer
>overflow... like someone putting 4 characters in a 3
>char array?

When you have any kind of array in C, you have to explicitly state how
many elements can be determined in that array.  For example:

char array[100];

This creates a character array that can hold 100 single characters (i.e.
'a' is one char, 'b', 'c', '\r', '\0', etc.).  If you assign more than
100 characters to this character array (or sometimes called a buffer)
(this includes such unprintable characters as a carriage return or line
feed, \n or \r, or a null char to delimit the end of a "string", \0),
you get a buffer overflow.  C/C++ does not have a check to assert that
what you assign to a buffer can be contained by that buffer (unlike
strongly typed languages such as Java).  What I mean by contained is that
if you have a buffer of 100 chars, but you assign 110 characters, the
assignment will write out past the memory actually allocated (100
chars).  So, when you attempt to use the memory location directly after
the array variable, it may be overwritten by garbage that was assigned
to the 'array' variable.  Make sense now?

Boh
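
Added example, not part of the original message: a small C model of the 110-characters-into-100 case described above, with an unchecked copy beside a length-checked one. The struct layout, the function names and the "neighbour" value are assumptions made for the illustration; the struct stands in for two variables that happen to be adjacent in memory.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: 'next' stands in for whatever happens to sit in
   memory directly after the 100-char buffer. */
struct frame {
    char array[100];
    char next[16];
};

/* Models an unchecked copy (as strcpy or gets would do): len bytes are
   written starting at array[0], ignoring the 100-byte limit. Treating the
   struct as raw bytes keeps the demo well-defined; a real overflow is not. */
static void unchecked_copy(struct frame *f, const char *src, size_t len)
{
    if (len > sizeof *f) len = sizeof *f;   /* stay inside the demo object */
    memcpy((unsigned char *)f, src, len);
}

/* Checked copy: rejects input that does not fit together with its '\0'. */
static int checked_copy(struct frame *f, const char *src, size_t len)
{
    if (len >= sizeof f->array)
        return -1;
    memcpy(f->array, src, len);
    f->array[len] = '\0';
    return 0;
}

/* Feeds 110 constructed characters in; returns 1 if 'next' survived. */
static int next_intact_after(int use_checked)
{
    struct frame f;
    char input[110];
    memset(&f, 0, sizeof f);
    strcpy(f.next, "neighbour");
    memset(input, 'A', sizeof input);
    if (use_checked)
        checked_copy(&f, input, sizeof input);
    else
        unchecked_copy(&f, input, sizeof input);
    return strcmp(f.next, "neighbour") == 0;
}

int main(void)
{
    printf("unchecked: next intact = %d\n", next_intact_after(0));
    printf("checked:   next intact = %d\n", next_intact_after(1));
}
```

With the unchecked copy the last 10 of the 110 characters land in 'next'; the checked copy refuses the input and leaves both fields alone.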

