Secure Coding mailing list archives
Re: opinion, ACM Queue: Buffer Overrun Madness
From: der Mouse <mouse () Rodents Montreal QC CA>
Date: Wed, 09 Jun 2004 22:36:19 +0100
> Sure, it doesn't overflow into the stack, but it overflows into important data. And if you want to go further into insanity, you can manufacture a case where character 11 being lower case causes unwanted code to be executed (no default condition in a 'case' statement, no good error handling, etc).

This is not as far-fetched as you make it sound. I actually ran into something not too dissimilar in the wild.

Back in the late '80s, I had the dubious pleasure of tracking down the bug responsible for a mail UA breaking overnight, on a machine that was completely untouched - nothing at all had run, not even (the local equivalent of) cron jobs. It turned out to break as soon as the day number had two digits in a month whose full name was only three characters long. It broke overnight between May 9 and May 10.

Y'see, what happened was, one piece of code formatted the date in the form "Fullmonthname DD" - two-digit day, with a leading space for days 1 through 9, and the month name in full. Then another piece of code converted this to the short form by skipping three characters in, dropping a terminator, looking for the next space, and picking up the day number from there. Most months, this worked fine. May 1 through 9, it worked, because the leading space on the day number stopped the scan. But May 10, the 10 was mistaken for the rest of the month name, the parser got confused, and things went downhill from there.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               [EMAIL PROTECTED]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
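The May 9 / May 10 failure described in the message above, reconstructed as an added example (constructed here, not der Mouse's or the original mail UA's code): the fixed-offset conversion beside a version that parses by the separator instead; function names and the 31-day bound are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Long form as described: full month name, a space, then the day in two
   columns (so days 1-9 get a leading space), e.g. "May  9" and "May 10". */
static void format_long(char *out, size_t outlen, const char *month, int day) {
    snprintf(out, outlen, "%s %2d", month, day);
}

/* The fragile conversion: keep three characters of the month, drop a
   terminator on the fourth, then scan from the fifth for the next space and
   read the day after it.  For "May 10" the fourth character *was* the
   separating space, so it is destroyed and the scan starts inside the day.
   Returns -1 where the original code would simply have run on. */
static int fragile_convert(char *buf, char short_month[4]) {
    buf[3] = '\0';                       /* "June 12" -> "Jun"; "May 10" -> "May" + "10" */
    memcpy(short_month, buf, 4);
    const char *sp = strchr(buf + 4, ' ');
    if (sp == NULL) return -1;           /* the space we needed is gone */
    return atoi(sp + 1);
}

/* Parse by the separator, not by fixed offsets: the month is whatever
   precedes the first space, the day is what follows it, with range and
   trailing-garbage checks.  Works for 3-letter and longer month names. */
static int robust_convert(const char *longform, char short_month[4]) {
    const char *sp = strchr(longform, ' ');
    if (sp == NULL || sp - longform < 3) return -1;   /* no separator / short month */
    memcpy(short_month, longform, 3);
    short_month[3] = '\0';
    char *end;
    long day = strtol(sp + 1, &end, 10);  /* strtol skips the leading space of " 9" */
    if (end == sp + 1 || *end != '\0' || day < 1 || day > 31) return -1;
    return (int)day;
}

int main(void) {
    char buf[32], shortm[4];
    for (int day = 9; day <= 10; day++) {
        format_long(buf, sizeof buf, "May", day);
        int robust = robust_convert(buf, shortm);
        int fragile = fragile_convert(buf, shortm);   /* modifies buf in place */
        printf("May %2d: fragile=%d robust=%d\n", day, fragile, robust);
    }
    return 0;
}
```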