Re: To find the size of array using its pointer
From: Bill Reid (hormelfree_at_happyhealthy.net)
Date: Sat, 22 Jan 2005 22:30:25 GMT
Sontu <firstname.lastname@example.org> wrote in message
> Hi all,
> Actually, I have designed a solution for the "Buffer Overflow Attack". There
> is a vulnerability in C and C++ (I can't comment on other languages
> because I haven't used them, except that Java has this but to a much
> lesser extent). If we try to write into an array beyond its defined size,
> and if the array is allocated on the stack (it's not global or static), then
> it will overwrite the contents of the stack. We know that on the stack lie the
> frames corresponding to each called function. These frames contain
> important control structures like the RETURN ADDRESS and PREVIOUS FRAME
> POINTER that are necessary for maintaining the control flow. If someone
> is able to overflow the array (preferably of characters) and is
> able to overwrite these data structures selectively, he can change the
> flow. Most attackers use this vulnerability.
> What I have thought to do is that when a function is called, I am going
> to make all the previous frames write-protected, so that no
> operation in the current function can write into the crucial control
> structures and modify them. But this brings a new problem.
I'm not a programmer (at least not professionally), so I may be
speaking way out of school here, but wouldn't it be easier just
to not overwrite the array/buffer in the first place?
Can't this be done by just installing error checks in some places
where needed, but in general just by making the default termination
of the buffer-filling loop the size of the array (rather than the much
simpler and more typical "special character" like EOF)?
Of course, then you have to add the generally-redundant
check for EOF (or whatever) inside the loop, but if you're
as committed to security as Microsoft claims to be...
--- William Ernest Reid
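The loop structure Bill describes, with the array size as the primary termination condition and the sentinel check moved inside the loop, written out as an added C example (not code from either poster). The source is an in-memory string standing in for the input stream, with `'\n'` or the end of the string playing the role of EOF, so it runs offline; the names `read_line_bounded`, `read_result` and `LINE_MAX_LEN` are this example's own.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define LINE_MAX_LEN 16   /* array size chosen for this example */

/* Outcome of one bounded read: bytes stored, and whether input was cut
 * off because the array filled before the sentinel was seen. */
struct read_result {
    size_t copied;
    int truncated;
};

/*
 * The sentinel-only loop the post warns about looks like
 *     while ((c = getc(fp)) != EOF && c != '\n') buf[i++] = c;
 * which has no idea how big buf is. The version below makes the array
 * size the loop bound and keeps the sentinel check inside the loop.
 * `src` is a NUL-terminated string used in place of a FILE*; '\n' or
 * the terminating NUL is treated as end of input.
 */
struct read_result read_line_bounded(const char *src, char *dst, size_t dstsz)
{
    struct read_result r = {0, 0};
    size_t i;

    if (dstsz == 0)          /* nothing can be stored, not even the NUL */
        return r;

    /* dstsz - 1 reserves the last slot for the terminating NUL. */
    for (i = 0; i < dstsz - 1; i++) {
        char c = src[i];
        if (c == '\0' || c == '\n')   /* the "redundant" sentinel check */
            break;
        dst[i] = c;
    }
    dst[i] = '\0';
    r.copied = i;

    /* Stopped because the array filled while more input remained. */
    if (i == dstsz - 1 && src[i] != '\0' && src[i] != '\n')
        r.truncated = 1;
    return r;
}

int main(void)
{
    /* Constructed inputs: one that fits, one longer than the array. */
    const char *inputs[] = { "short line\n", "this input is longer than the array\n" };
    char buf[LINE_MAX_LEN];
    size_t k;

    for (k = 0; k < sizeof inputs / sizeof inputs[0]; k++) {
        struct read_result r = read_line_bounded(inputs[k], buf, sizeof buf);
        printf("stored %zu bytes \"%s\"%s\n", r.copied, buf,
               r.truncated ? " (input truncated)" : "");
    }
    return 0;
}
```

Reporting `truncated` separately matters: silently dropping the tail of an over-long line is safe for the stack but can still be a correctness bug, so the caller gets to decide whether to reject the input or read the remainder.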