On Tue, 28 Jan 2003, Michal Zalewski wrote:

> There are several interesting ways to prevent the problem without making
> major changes to the code, however. One of the better ideas I've seen is to
> register buffer sizes when buffers are created. It takes a few more lines
> when you create an object, but this is the only effort you need to make.
> Buffers are later deregistered from your own free(), for heap memory - and
> your own function epilogue, for stack. With some help from the compiler
> and linker, two last steps involve no changes to your existing code. If
> your code uses mapped memory, you might also want to cover munmap and
> such.
>
> You just call register_buf() whenever you create an array, a structure or
> such. Its address, length and element size would be stored, so that you
> can query for a buffer at any time, and perhaps decide, based on element
> size, if it's suitable for the operation you are about to perform (so that
> when you have a number of buffers inside an array, and you only added the
> array to implement index range checking, but forgot to add single buffers,
> your code would not overwrite other elements when modifying one, but
> rather bail out because of element size mismatch).
>
> The approach is not perfect, but can be quite helpful.

I wasn't able to find such a function - do you have an example?

Most of the buffers we use are fixed-size, to side-step problems with
malloc() and free(), and so we've been able to partially get around this
problem by writing strcpy() as a macro - for example:

    char buf[512];
    our_strcpy(buf, source);

If our_strcpy() is written as a macro, then sizeof(buf) will return 512,
and so we can do bounds checking. The problem comes in when someone does
something like:

    ptr = buf;
    our_strcpy(ptr, source);

How can one determine the size of the buffer being pointed to?
sizeof(ptr) returns 4 :( Technically, that's correct, but that's not what
I meant ;)

--
Ed Carp, N7EKG   http://www.pobox.com/~erc   214/986-5870
Licensed Texas Peace Officer
Computer Crime Investigation Consultant
Director, Software Development
Escapade Server-Side Scripting Engine Development Team
http://www.squishedmosquito.com
Microsoft Front Page - the official HTML editor of Al Qaeda
Microsoft Hotmail - the official email of Al Qaeda
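
Added example, not part of the original thread and not code from either poster: one minimal way the register_buf() idea in the quoted text could answer the "ptr = buf" case, by looking the pointer up in a table instead of relying on sizeof. The names deregister_buf() and buf_room(), the fixed-size table, the return conventions and the sample buffer in main() are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BUFS 64   /* hypothetical fixed-size registry */
/* Addresses are kept as uintptr_t so range checks do not compare unrelated pointers. */
static struct { uintptr_t base; size_t len, elem; } reg[MAX_BUFS];

/* Record address, total length and element size. Returns 0, or -1 if rejected/full. */
int register_buf(const void *p, size_t len, size_t elem) {
    if (!p || !len || !elem || len % elem) return -1;
    for (size_t i = 0; i < MAX_BUFS; i++)
        if (!reg[i].base) {
            reg[i].base = (uintptr_t)p; reg[i].len = len; reg[i].elem = elem;
            return 0;
        }
    return -1;
}

/* Call from a free() wrapper, or before a stack buffer goes out of scope. */
void deregister_buf(const void *p) {
    for (size_t i = 0; i < MAX_BUFS; i++)
        if (reg[i].base == (uintptr_t)p) reg[i].base = 0;
}

/* Bytes from p to the end of a registered buffer with this element size that
   contains p (interior pointers allowed); 0 if no such buffer is registered. */
size_t buf_room(const void *p, size_t elem) {
    uintptr_t a = (uintptr_t)p;
    for (size_t i = 0; i < MAX_BUFS; i++)
        if (reg[i].base && reg[i].elem == elem &&
            a >= reg[i].base && a - reg[i].base < reg[i].len)
            return reg[i].len - (a - reg[i].base);
    return 0;
}

/* strcpy that fails closed: unknown destination or too little room means no copy. */
int our_strcpy(char *dst, const char *src) {
    size_t need = strlen(src) + 1;
    if (buf_room(dst, sizeof(char)) < need) return -1;
    memcpy(dst, src, need);
    return 0;
}

int main(void) {
    char buf[512], *ptr = buf;               /* constructed sample, as in the post */
    register_buf(buf, sizeof buf, sizeof buf[0]);
    printf("copy via ptr: %d\n", our_strcpy(ptr, "fits"));
    deregister_buf(buf);
    printf("after deregister: %d\n", our_strcpy(ptr, "fits"));
    return 0;
}
```

A stack buffer that is not deregistered before its function returns leaves a stale entry that can match a later, unrelated object at the same address, which is why the quoted text ties deregistration to the function epilogue.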
This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 09:15:51 PST