On Tue, 28 Jan 2003, Ed Carp wrote:

> I wasn't able to find such a function - do you have an example?

I'm pretty convinced I've seen at least a discussion about such an implementation; quite unfortunately, I can't find any references right now. Perhaps other readers could help.

> How can one determine the size of the buffer being pointed to?

Once again, you can't, not with a standard compiler. It's simply not tracked. A pointer to any type is, physically speaking, just a memory address, and char x[nnn] is just a chunk of nnn bytes with no extra metadata. This is the power and the weakness of C.

You have five options, essentially:

- Use a range checking compiler that emits and tracks this additional information (and generates slower code; plus, not all platforms would have a compiler with such an option, I imagine),
- Implement manual passing of the information by adding a length parameter to all functions that operate on buffers (and rewrite most of your code),
- Implement your own "text buffer" type to pass this information automagically (you still need to change lots of code),
- Implement a "buffer size registry" as described in my previous post, which also might have its problems and not work with all compilers,
- ...or, per Crispin's suggestion, use a runtime checker like StackGuard. It's not unbreakable, but can stop many common problems (by preventing the attacker from taking advantage of an overflow, not by preventing it from happening in the first place).

--
------------------------- bash$ :(){ :|:&};: --
Michal Zalewski * [http://lcamtuf.coredump.cx]
Did you know that clones never use mirrors?
--------------------------- 2003-01-28 01:53 --
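The "text buffer" type option from the list above, as an added example that is not part of the original post or anyone's library: the storage travels together with its capacity, so an append can be refused instead of overflowing. The names `tbuf`, `tbuf_init`, `tbuf_append` and `tbuf_demo` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical "text buffer" type: a pointer that carries its own bounds. */
typedef struct {
    char  *data;  /* caller-owned storage, kept NUL-terminated */
    size_t cap;   /* total bytes in data, including room for the NUL */
    size_t len;   /* bytes in use, excluding the NUL; always < cap */
} tbuf;

/* Bind storage to a tbuf. Fails if there is no room even for the NUL. */
int tbuf_init(tbuf *b, char *storage, size_t cap)
{
    if (b == NULL || storage == NULL || cap == 0)
        return -1;
    b->data = storage;
    b->cap  = cap;
    b->len  = 0;
    storage[0] = '\0';
    return 0;
}

/* Append n bytes from src. On insufficient space the buffer is left
 * unchanged and -1 is returned: no overflow and no silent truncation. */
int tbuf_append(tbuf *b, const char *src, size_t n)
{
    if (b == NULL || src == NULL)
        return -1;
    /* len < cap is an invariant, so this subtraction cannot wrap. */
    if (n > b->cap - b->len - 1)
        return -1;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Constructed demo: an 8-byte buffer takes 7 bytes and refuses an 8th. */
int tbuf_demo(void)
{
    char storage[8];
    tbuf b;
    if (tbuf_init(&b, storage, sizeof storage) != 0) return -1;
    if (tbuf_append(&b, "abcd", 4) != 0)             return -2;
    if (tbuf_append(&b, "efg", 3) != 0)              return -3; /* 7 + NUL */
    if (tbuf_append(&b, "h", 1) != -1)               return -4; /* refused */
    return (int)b.len;
}
```

Every function that previously took a bare `char *` would take a `tbuf *` instead, which is the "change lots of code" cost the post mentions.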