Re: protection against buffer overflows
hi ya pav
good examples...
for more code checkers..( looking for bad code )
http://www.Linux-Sec.net/Audit/audit_tools.gwif.html#Code
have fun linuxing
alvin
On Sat, 19 Jan 2002, Pavel Minev Penev wrote:
> On Fri, Jan 18, 2002 at 09:20:16PM +0100, Vincent wrote:
> > Hi all !
> >
> > I'm working on buffer overflows these days, and more precisely the possible
> > methods to avoid them.
> > It seems that the most used tools to prevent exploits based on buffer
> > overflows are Libsafe, OpenWall, StackGuard... and maybe Saint Jude.
> >
> > Has anyone any interesting comments about these methods ?
>
> I would like to comment on another method, if you don't mind. A few
> years ago I was after buffer overflows just as you. What I wanted was to
> make a programme which parses the C (or whatever) source code and checks
> if it is possible for a buffer overflow to occur if the programme is fed
> suitable input data. The idea was simple:
> 1. For each code block (what is put in curly braces
> ("{", "}") in C) check what condition(s) should be met so that
> an overflow occurs.
> 2. Then exclude those conditions at which the block is
> not entered at all.
> 3. Repeat this procedure until the main () function's
> block is finished.
> 4. Do this for all blocks in the source code.
> Of course this may be hard to achieve if the, let's say, C code is mixed
> with assembler or even machine code; however, it seems applicable for
> most "normal" programmes.
>
> A few examples:
>
> /* Fool a programme using the above idea: */
.. good examples...
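
The four-step procedure quoted above, sketched as an added example that is not code from this thread: a toy checker over a hand-built model of a C function with one integer input n. The Block/Write model, the sample program and all names are assumptions made for illustration, and the entry condition is carried inward from main() rather than worked outward block by block, which yields the same set of inputs.

```python
import math
from dataclasses import dataclass, field

INF = math.inf

@dataclass
class Write:                 # models: buf[n + offset] = ...;  with `char buf[size]`
    buf: str
    size: int
    offset: int = 0

@dataclass
class Block:                 # models: if (lo <= n && n <= hi) { body }
    lo: float = -INF
    hi: float = INF
    body: list = field(default_factory=list)

def intersect(a, b):
    """Intersection of two inclusive intervals, or None when it is empty."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def overflow_inputs(block, reach=(-INF, INF)):
    """Return [(buf, (lo, hi)), ...]: ranges of n that reach a write and overflow it."""
    # Step 2: exclude the inputs for which this block is never entered.
    reach = intersect(reach, (block.lo, block.hi))
    if reach is None:
        return []
    findings = []
    for item in block.body:
        if isinstance(item, Block):
            # Steps 3-4: repeat for every nested block in the source.
            findings += overflow_inputs(item, reach)
            continue
        # Step 1: index n+offset is out of bounds when it is < 0 or >= size.
        for bad in ((-INF, -item.offset - 1), (item.size - item.offset, INF)):
            hit = intersect(reach, bad)
            if hit:
                findings.append((item.buf, hit))
    return findings

# Constructed sample, modelling this C body (char a[16], b[8]; int n is input):
#   if (0 <= n && n <= 15) { a[n] = 0; }
#   if (n >= 0) { if (n <= 8) { b[n] = 0; } }
#   if (n <= 20) { a[n + 1] = 0; }
MAIN = Block(body=[
    Block(0, 15, [Write("a", 16)]),
    Block(0, INF, [Block(-INF, 8, [Write("b", 8)])]),
    Block(-INF, 20, [Write("a", 16, 1)]),
])

if __name__ == "__main__":
    for buf, (lo, hi) in overflow_inputs(MAIN):
        print(f"{buf}: out-of-bounds write for n in [{lo}, {hi}]")
```
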