Re: ActiveX Buffer Overruns and BSTR's

From: Aviram Jenik (aviramat_private)
Date: Wed Oct 06 1999 - 12:38:08 PDT


    ----- Original Message -----
    From: "Scott, Richard" <Richard.Scottat_private>
    To: <BUGTRAQat_private>
    Sent: Wednesday, October 06, 1999 5:10 PM
    Subject: Re: ActiveX Buffer Overruns and BSTR's
    
    
    > As my understanding goes, a BSTR is simply a 32bit pointer to a
    > character array?
    >
    > ...
    >
    > It's just that COM wraps all the pointer stuff and just lets us get
    > on with the more interesting stuff,
    > I am sure that a buffer overflow could occur, whether it could be
    > used for a breach of security is something that may need further research
    > into.
    >
    
    
    Yes, but that would be an implementation flaw in COM. What we were
    discussing here is whether or not it's possible to overflow buffers under
    *normal* circumstances.
    Although COM uses pointers in the underlying implementation, you only have
    access to it before and after the wrapping is done. This means that if COM
    wrapped the BSTR correctly (which is what we're assuming right now) the
    overflow can only occur when you extract the BSTR into a smaller buffer. I
    believe you have to be pretty stupid to do that (BSTR includes its own size,
    for God's sake).
    
    -------------------------
    Aviram Jenik
    
    "Addicted to Chaos"
    
    -------------------------
    Today's quote:
    
    - Real programmers think structured programming is a communist
      plot.
    
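A worked illustration of the extraction case discussed above, added here and not part of the original thread: a stand-alone model of the BSTR layout (no Windows headers; the model_ names are assumptions standing in for SysAllocStringLen, SysStringLen and SysFreeString), the NUL-terminated length check that undercounts a BSTR carrying embedded NULs, and an extraction into a caller's fixed buffer that bounds the copy by the length prefix and refuses when the data would not fit.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Minimal model of the COM BSTR layout, so this runs without Windows headers:
 * a 4-byte length prefix (in bytes, excluding the terminator) followed by
 * UTF-16 code units and a terminating NUL. The BSTR pointer itself points at
 * the first character, not at the prefix. */
typedef uint16_t OLECHAR;
typedef OLECHAR *BSTR;

static BSTR model_SysAllocStringLen(const OLECHAR *src, uint32_t nchars) {
    uint32_t bytes = nchars * (uint32_t)sizeof(OLECHAR);
    uint8_t *raw = malloc(4 + bytes + sizeof(OLECHAR));
    if (raw == NULL) return NULL;
    memcpy(raw, &bytes, 4);              /* length prefix lives before the data */
    BSTR s = (BSTR)(raw + 4);
    if (nchars != 0) memcpy(s, src, bytes);
    s[nchars] = 0;
    return s;
}

static uint32_t model_SysStringLen(BSTR s) {    /* length in characters */
    uint32_t bytes = 0;
    if (s != NULL) memcpy(&bytes, (uint8_t *)s - 4, 4);
    return bytes / (uint32_t)sizeof(OLECHAR);
}

static void model_SysFreeString(BSTR s) { if (s != NULL) free((uint8_t *)s - 4); }

/* The check that goes wrong: sizing the destination from the NUL-terminated
 * view. A BSTR may legally contain embedded NULs, so this undercounts, and a
 * copy driven by the real prefix length then runs past the buffer. */
static uint32_t nul_terminated_len(BSTR s) {
    uint32_t n = 0;
    while (s[n] != 0) n++;
    return n;
}

/* Safe extraction: bound the copy by the prefix length and refuse when the
 * caller's buffer cannot hold the data plus its terminator. Returns the
 * number of characters copied, or -1 when the copy would overflow. */
static int bstr_extract(BSTR s, OLECHAR *dst, size_t dst_chars) {
    uint32_t n = model_SysStringLen(s);
    if (s == NULL || dst_chars == 0 || n >= dst_chars) return -1;
    memcpy(dst, s, (size_t)n * sizeof(OLECHAR));
    dst[n] = 0;
    return (int)n;
}
```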



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:06:56 PDT