Re: Help me stay away from visual C++ :)

[Buddha Buck <bmbuck@zaphod.dhis.org>]

> dear carl 
> 
> 
> >The more I think about it, the following is better.
> >No more buffer overflow problem.
>         ~~~~~~~~~~~~~~~~
>  
> have heard lots about it in security bulletins ...
> what is a buffer over flow ? and how does it appear in code ?

A buffer is a block of memory designed to hold some data involved in 
input or output.  A buffer overflow is when you read more data into the 
buffer than it can hold.

Example:

char *
readline(FILE *input)
{
   char buffer[80];
   fscanf(input,"%[^\n]",buffer);   /* Read in everything upto a 
newline */
   return strdup(buffer);
}

This is a rather straightforward example:  It declares a fixed-width 
buffer (80 characters), then reads in an unbounded number of characters 
into it.  If it is asked to read a line longer than about 80 
characters, "buffer" will overflow.

This is a potential security problem because C doesn't do any array 
bounds checking.  fscanf will be happy to write over any memory near 
the buffer once it gets past an 80 character line.  In this case, that 
will modify such things as return addresses, saved registers, etc, 
stored on the same stack that the buffer was allocated on.  That means 
that a well-chosen long line could turn control of my program over to 
the attacker instead of the legitimate user.

Hope this helps.

> 
> cheers
> venu
> 
> 
> 
> -- 
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> 
> 

-- 
     Buddha Buck                      bmbuck@zaphid.dhis.edu
"Just as the strength of the Internet is chaos, so the strength of our
liberty depends upon the chaos and cacaphony of the unfettered speech
the First Amendment protects."  -- A.L.A. v. U.S. Dept. of Justice