Re: Buffer Overflow

From: Juha Laiho (Juha.Laiho@iki.fi)
Date: 04/05/03


From: Juha Laiho <Juha.Laiho@iki.fi>
Date: Sat, 05 Apr 2003 19:22:00 GMT

albalmer@spamcop.net said:
>On 4 Apr 2003 13:56:45 -0800, raphael_77@yahoo.com (Jack) wrote:
>>Hey Guys I need your point of view in terms of buffer overflow. These
>>are the steps I take while transferring data from one socket to the
>>other.
>>1) The first 2 bytes of the message tell me the length of the buffer.
>>2) I malloc my buffer for that size, memset the buffer
>>3) If the data size increases my MAX_LIMIT I disregard the message.
>>
>Presumably you're going to copy or read the message into the allocated
>buffer, so there's no need to memset it.

I've been bitten by this - and there is a need to zero the buffer you get
from malloc(): while the OS memory allocation routines will clear (to
some value; I think the actual value hasn't been specified) the memory
areas they're giving to your process, malloc() may also return memory
that was already used by your process, but free()'d (but still not yet
returned to the OS). And in this case the contents will not be scrubbed;
the memory will contain whatever it did contain when your program freed
the area.

-- 
Wolf  a.k.a.  Juha Laiho     Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
         PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
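The receive path Jack describes, as an added C example that is not part of the thread: a 2-byte length prefix is checked against MAX_LIMIT before anything is allocated, a short read is rejected rather than copied, and the buffer is obtained zero-filled with calloc() so a recycled heap block cannot leak whatever the program left in it before free(). The MAX_LIMIT value and big-endian prefix are assumptions; the sample input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LIMIT 1024  /* assumed upper bound; the thread does not give a value */

/* Parsed message: length from the 2-byte prefix plus a zero-filled payload copy.
   Caller releases data with free(). */
struct msg {
    uint16_t len;
    unsigned char *data;
};

/* Parse one length-prefixed message from `in` (2-byte big-endian length,
   then that many payload bytes). Returns 0 and fills *out on success;
   -1 if the prefix is incomplete, the length exceeds MAX_LIMIT, or fewer
   payload bytes than declared are available (a short read). */
int parse_message(const unsigned char *in, size_t avail, struct msg *out)
{
    if (avail < 2)
        return -1;
    uint16_t len = (uint16_t)((in[0] << 8) | in[1]);
    if (len > MAX_LIMIT)
        return -1;                       /* disregard oversized message */
    if (avail - 2 < len)
        return -1;                       /* truncated payload: do not accept */
    /* calloc() zero-fills, so a recycled heap block carries no stale bytes
       from an earlier free()'d use; the extra byte keeps a NUL terminator. */
    unsigned char *buf = calloc((size_t)len + 1, 1);
    if (buf == NULL)
        return -1;
    memcpy(buf, in + 2, len);
    out->len = len;
    out->data = buf;
    return 0;
}

int main(void)
{
    /* Constructed sample: prefix 0x00 0x05 followed by "hello". */
    const unsigned char good[] = {0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    struct msg m;
    if (parse_message(good, sizeof good, &m) == 0) {
        printf("got %u bytes: %s\n", (unsigned)m.len, (const char *)m.data);
        free(m.data);
    }
    return 0;
}
```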

