Secure Coding mailing list archives
RE: opinion, ACM Queue: Buffer Overrun Madness
From: ljknews <ljknews () mac com>
Date: Wed, 09 Jun 2004 21:30:08 +0100
At 10:02 AM -0500 6/9/04, Alun Jones wrote:
I did some work recently on .NET Security, trying to come up with some examples that would demonstrate how you'd screw it up in code. It's certainly difficult to come up with bad examples that aren't needlessly bone-headed, but when you look at other people's code, you realise that an awful lot of programmers are bone-headed. Buffer overflows can happen in any language, no matter what those languages do to prevent them. Okay, that's a bold statement. I'd better back it up. If you have a string-handling library of any kind, someone's going to come up with a program design that builds a twenty character string for a person's name, putting first name in the first ten characters, and last name in the last ten characters. Eric Smith changes his first name to Navratilova, and he's suddenly listed by the program as "Navratilovamith amith" - buffer overflow. Sure, it doesn't overflow into the stack, but it overflows into important data.
How does the buffer overflow "into important data" using "any language" ? With Ada and Pascal a 20 character array just has no syntax for storing a character into the 21st position. While it is true you will get a (possibly unanticipated) runtime exception rather than pleasing results, there is no opportunity for pleasing results in this situation. The clever programmer may add an exception handler to display a user friendly message like "get a name change" rather than the default "index out of bounds" or whatever. But neither the clever nor the lazy programmer gets an overflow "into important data". The boundary condition is detected and prevented from causing totally obscure failures.
Current thread:
- opinion, ACM Queue: Buffer Overrun Madness Jose Nazario (Jun 08)
- Re: opinion, ACM Queue: Buffer Overrun Madness ljknews (Jun 08)
- Re: opinion, ACM Queue: Buffer Overrun Madness der Mouse (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness Kenneth R. van Wyk (Jun 09)
- RE: opinion, ACM Queue: Buffer Overrun Madness Alun Jones (Jun 09)
- RE: opinion, ACM Queue: Buffer Overrun Madness ljknews (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness Blue Boar (Jun 10)
- Re: opinion, ACM Queue: Buffer Overrun Madness der Mouse (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness der Mouse (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness ljknews (Jun 08)
- Re: opinion, ACM Queue: Buffer Overrun Madness ljknews (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness David Eisner (Jun 09)
- <Possible follow-ups>
- RE: opinion, ACM Queue: Buffer Overrun Madness Peter Amey (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness Gary McGraw (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness ljknews (Jun 09)
- RE: opinion, ACM Queue: Buffer Overrun Madness David Crocker (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness Jared W. Robinson (Jun 10)
- RE: opinion, ACM Queue: Buffer Overrun Madness David Crocker (Jun 11)