DragonFly BSD
DragonFly kernel List (threaded) for 2003-08

Re: Buffer overflow?


From: Richard Coleman <richardcoleman@xxxxxxxxxxxxxx>
Date: Fri, 01 Aug 2003 01:50:21 -0400

> Seriously, though, the C lib has new functions, e.g. snprintf(), and the
> only way to avoid most buffer overflow problems is to use these bounded
> functions and never, ever use the unbounded functions, even if you *know*
> a particular use will not overflow a buffer.
>
> The second type of buffer overflow is an array index overflow, where an
> array index is incorrectly calculated or incorrectly bounded. For example,
> consider the age-old misuse of malloc() where beginning programmers would
> do something like: str2 = malloc(strlen(str1)), which doesn't account for
> the \0 terminating the string, or programmers who check the high side but
> forget that they are using a signed index variable which could very well
> be negative.
>
> If just these two problem areas were cleaned up 99% of all buffer overflow
> issues would disappear.
>
> -Matt
> Matthew Dillon <dillon@xxxxxxxxxxxxx>

Have you given any thought to pulling in the changes that OpenBSD made to harden against buffer overflows (i.e. canary checking)? They've added some pretty serious mechanisms to make it harder to exploit buffer overflows (and turned them on by default).

I've been surprised that none of the other BSDs have pulled in this code.

Richard Coleman
richardcoleman@xxxxxxxxxxxxxx
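The two defect classes Matt describes in the quoted text (an allocation that forgets the terminating NUL, and an index check that tests only the high side of a signed index) are easy to see side by side in a few lines of C. The following is an added illustration written for this archive page, not code from either poster or from the DragonFly tree; the function names and the sample inputs are constructed for the example. Rather than executing the out-of-bounds access, each buggy variant is shown as the size or bounds computation it gets wrong, next to the corrected form that uses snprintf() and a two-sided check.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Defect 1: the classic malloc(strlen(s)) mistake. This returns the number of
 * bytes a beginner would allocate, which has no room for the '\0' that
 * strcpy() will write, so the copy runs one byte past the allocation. */
size_t buggy_alloc_size(const char *s) {
    return strlen(s);
}

/* Corrected: one extra byte for the terminator. */
size_t correct_alloc_size(const char *s) {
    return strlen(s) + 1;
}

/* Duplicate a string into a correctly sized buffer using the bounded
 * snprintf() rather than strcpy(). Returns NULL if malloc() fails. */
char *dup_bounded(const char *s) {
    size_t n = correct_alloc_size(s);
    char *out = malloc(n);
    if (out == NULL)
        return NULL;
    /* snprintf() never writes more than n bytes, terminator included. */
    snprintf(out, n, "%s", s);
    return out;
}

/* Bounded copy into a caller-supplied buffer. Returns 0 when the whole
 * string fit and -1 when it was truncated, using the fact that snprintf()
 * returns the length it *wanted* to write. Truncation is reported rather
 * than silently ignored, which is the usual follow-up bug. */
int copy_bounded(char *dst, size_t dstsz, const char *src) {
    if (dstsz == 0)
        return -1;
    int wanted = snprintf(dst, dstsz, "%s", src);
    if (wanted < 0 || (size_t)wanted >= dstsz)
        return -1;
    return 0;
}

/* Defect 2: a high-side-only check on a signed index. Returns 1 if the
 * check would admit idx into an array of length len. A negative idx passes,
 * which is the mistake Matt describes. */
int highside_only_admits(int len, int idx) {
    return idx < len;
}

/* Corrected: reject negatives explicitly, then compare against the length.
 * Casting after the sign check avoids the signed/unsigned comparison trap. */
int two_sided_admits(size_t len, long idx) {
    if (idx < 0)
        return 0;
    return (unsigned long)idx < len;
}

int main(void) {
    const char *word = "dragonfly";   /* constructed sample input */
    printf("malloc(strlen(s)) would allocate %zu, need %zu\n",
           buggy_alloc_size(word), correct_alloc_size(word));

    char *copy = dup_bounded(word);
    if (copy != NULL) {
        printf("bounded duplicate: %s\n", copy);
        free(copy);
    }

    char small[4];
    printf("copy into 4-byte buffer: %s (buffer now \"%s\")\n",
           copy_bounded(small, sizeof small, word) == 0 ? "fit" : "truncated",
           small);

    printf("high-side-only check admits idx -1: %d\n",
           highside_only_admits(8, -1));
    printf("two-sided check admits idx -1: %d\n",
           two_sided_admits(8, -1));
    return 0;
}
```

The point of copy_bounded() is that swapping strcpy() for snprintf() removes the overflow but not the logic error: the caller still has to look at the return value, or a truncated filename or path silently becomes a different string.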



