Secure Coding mailing list archives

Re: New Microsoft Security Tool for developers


From: Gene Spafford <spaf () cerias purdue edu>
Date: Thu, 18 Dec 2003 02:27:12 +0000


At 11:02 AM -0500 12/15/03, Dave Aronson wrote:

Gene Spafford pointed out that noOverflow could be passed a pointer to a
string that was *shorter* than the internal buffer.  He did not state
specifically what was so bad about this, but I presumed that his point
was the one later raised by Jannie Hanekom: that there could be
information leakage from just past str, into buffer.  (Also possibly
that that chunk of memory might be protected, in various ways that
would crash the program.)  Spaf, is this indeed what you meant?


Yes.  As a more general case, if the buffer in the subroutine was 
declared to be 1000 characters long, you could pick up all sorts of 
things, including (perhaps) stack pointers, other variables, and so 
on.


Typing shouldn't be hidden by the calling interface without very good reasons.


Spaf also suggested rewriting noOverflow to include a parameter for the
buffer size.  That would help prevent accidental misuse -- but
malicious abusers could still pass in a bad buffer size.


Yes, but presumably that would be checked in the calling code to 
ensure that bad values weren't put into it.  Otherwise, we could also 
argue that they could pass in a faulty buffer pointer.




(BTW, I'm feeling caught in a bit of a timewarp.  Last time I followed
up to something spaf posted was about 20 years ago....)


I'll keep my eyes peeled in 2023 for our next volley. :-)

--spaf
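The over-read discussed above, as an added example for this archive page (not code from the thread, and not the noOverflow routine itself, which is nowhere shown here, so its fixed-width copy into an internal buffer is an assumption): a copy whose width is fixed by the callee's buffer, beside a version that takes the caller's size, as Spaf suggested, and refuses bad values at the interface. The `demo_region` memory is constructed for the demonstration.

```c
#include <stddef.h>
#include <string.h>
enum { INTERNAL_BUF = 32 };  /* stand-in for the thread's 1000-char internal buffer */

/* Constructed demo memory: a 2-char string followed by bytes the caller never
 * meant to expose (in a real process: neighbouring variables, saved pointers). */
static const char demo_region[INTERNAL_BUF] = "hi\0SECRET-TOKEN-1234";

/* Assumed reconstruction of the criticised design: the copy width is fixed by
 * the callee's buffer, so a shorter str drags along whatever follows its NUL. */
static void fixed_width_copy(char out[INTERNAL_BUF], const char *str) {
    memcpy(out, str, INTERNAL_BUF);
}

/* Spaf's suggestion made explicit: the caller states how many bytes are valid
 * at str; the callee refuses sizes that do not fit, stops at the terminator and
 * scrubs the rest.  Returns bytes copied, or -1 for a NULL or oversize request. */
static int bounded_copy(char out[INTERNAL_BUF], const char *str, size_t str_len) {
    if (str == NULL || str_len >= INTERNAL_BUF)
        return -1;
    const char *nul = memchr(str, '\0', str_len);
    size_t n = nul ? (size_t)(nul - str) : str_len;
    memcpy(out, str, n);
    memset(out + n, 0, INTERNAL_BUF - n);   /* nothing stale left in out */
    return (int)n;
}

/* Search the first n bytes of hay for needle, ignoring embedded NULs. */
static int region_contains(const char *hay, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0)
            return 1;
    return 0;
}

int fixed_width_copy_leaks(void) {          /* 1: the secret ends up in out */
    char out[INTERNAL_BUF];
    fixed_width_copy(out, demo_region);
    return region_contains(out, INTERNAL_BUF, "SECRET-TOKEN");
}

int bounded_copy_is_clean(void) {           /* 1: "hi" only, and bad sizes refused */
    char out[INTERNAL_BUF];
    if (bounded_copy(out, demo_region, INTERNAL_BUF) != -1)  /* oversize: refused */
        return 0;
    int n = bounded_copy(out, demo_region, 3);               /* caller: 3 bytes valid */
    return n == 2 && strcmp(out, "hi") == 0
        && !region_contains(out, INTERNAL_BUF, "SECRET-TOKEN");
}
```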
