Secure Coding mailing list archives
Buffer Overrun
From: "Mark Rockman" <mrockman () acm org>
Date: Mon, 02 Aug 2004 16:09:08 +0100
If I allocate a buffer of n bytes, open the channel and receive n+m bytes where m>0, then where does the fault lie? Some possibilities:

1) My choice for n is too small,
2) the software with which I open the channel does not permit me to specify that my buffer is only n bytes in length and it returns more than n bytes,
3) the software with which I open the channel permits me to specify that my buffer is only n bytes in length but I incorrectly inform it that the buffer length is some number >= n+m bytes.

Modern techniques allow me to create an array object that cannot overflow without causing an exception. That is exactly the behavior a buffer should have. Lazy or forgetful programmers cannot write code that is able to corrupt outside the limit of the buffer. Malware writers are unable to transfer control to malicious code by corrupting the stack.
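The checked-buffer behaviour described in the message above, as an added C example that is not part of the original post. The names `bounded_buf`, `bb_recv`, `struct frame` and the sample payload are hypothetical and constructed for illustration; the error return stands in for the exception a checked array would raise.

```c
#include <stdio.h>
#include <string.h>

#define BUF_N 8                       /* n: bytes the receiver allocated */
enum { RECV_OK = 0, RECV_OVERRUN = -1 };

/* Hypothetical buffer type: the capacity is part of the type, so the receive
   routine never trusts a length the caller states separately (case 3). */
typedef struct {
    unsigned char data[BUF_N];
    size_t len;                       /* bytes stored, always <= BUF_N */
} bounded_buf;

/* Constructed channel payload: n + m bytes with m = 4. */
static const unsigned char wire[] = "AAAAAAAABBBB";
#define WIRE_LEN (sizeof wire - 1)

/* Append src_len bytes to b. If they do not fit, store nothing and report
   the overrun instead of writing past the end of data[]. */
int bb_recv(bounded_buf *b, const unsigned char *src, size_t src_len)
{
    /* Compare against remaining space; avoids size_t wraparound. */
    if (b->len > BUF_N || src_len > BUF_N - b->len)
        return RECV_OVERRUN;
    memcpy(b->data + b->len, src, src_len);
    b->len += src_len;
    return RECV_OK;
}

/* guard stands in for whatever sits after the buffer in memory and would be
   corrupted by an unchecked copy (adjacent variable, saved return address). */
struct frame { bounded_buf buf; unsigned char guard[4]; };

/* Returns 1 if an n+m byte delivery is rejected with buf and guard intact. */
int overrun_is_contained(void)
{
    static const unsigned char expect[4] = { 0xDE, 0xAD, 0xBE, 0xEF };
    struct frame f = { { {0}, 0 }, { 0xDE, 0xAD, 0xBE, 0xEF } };
    int rc = bb_recv(&f.buf, wire, WIRE_LEN);
    return rc == RECV_OVERRUN && f.buf.len == 0
        && memcmp(f.guard, expect, sizeof expect) == 0;
}

/* Returns the number of bytes stored when exactly n bytes arrive. */
size_t exact_fit_len(void)
{
    bounded_buf b = { {0}, 0 };
    return bb_recv(&b, wire, BUF_N) == RECV_OK ? b.len : 0;
}

int main(void)
{
    printf("contained=%d exact_fit=%zu\n", overrun_is_contained(), exact_fit_len());
    return 0;
}
```

When n is simply too small (case 1), the caller sees `RECV_OVERRUN` and can resize or drop the message; the adjacent memory is never written either way.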