[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: protection against buffer overflows

hi ya pav

good examples...

for more code checkers..( looking for bad code )


have fun linuxing

On Sat, 19 Jan 2002, Pavel Minev Penev wrote:

> On Fri, Jan 18, 2002 at 09:20:16PM +0100, Vincent wrote:
> > Hi all !
> > 
> > I'm working on buffer overflows these days, and more precisely the possible
> > methods to avoid them.
> > It seems that the most used tools to prevent exploits based on buffer
> > overflows are Libsafe, OpenWall, StackGuard... and maybe Saint Jude.
> > 
> > Has anyone any interesting comments about theses methods ? 
> I would like to comment on another method, if you don't mind. I few
> years ago I was after buffer overflows just as you. What I wanted was to
> make a programme which parses the C (or whatever) source code and checks
> if it is possible a buffer overflow to occur if the programme is fed
> suitable input data. The idea was simple:
> 		1. For each code block (what is put in curly braces
> 	("{", "}") in C) check what condition(s) should be met so that
> 	an overflow occurs.
> 		2. Then exclude those conditions at which the block is
> 	not entered at all.
> 		3. Repeat this procedure until the main () function's
> 	block is finished.
> 		4. Do this for all blocks in the source code.
> Of course this may be hard to achieve if the, let's say, C code is mixed
> with assembler or even machine code; however, it seems applicable for
> most "normal" programmes.
> A few examples:
> /* Fool a programme using the above idea: */

.. good examples... 

Reply to: