Vulnerability Development mailing list archives
Re: Format Bugs in Windows Code?
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sun, 10 Sep 2000 14:14:34 +0200
> > Depends on how the compiler implements vargs?
>
> Is that actually true? It seems to me that if the compiler implements varargs at all, then it is exploitable.
So far there are at least two of us who have proposed the idea of vargs not being of "unlimited" size, but actually also containing a "length" field. It most certainly becomes tricky to modify the return address if functions such as printf refuse to take any more, or fewer, arguments than were actually supplied to the function.

OK, there are problems: user-supplied %s will still be likely to crash the application, all object files must be recompiled, etc. etc. But is there really any way to modify the return address (EIP)? I think not. So if you code for a totally new architecture / operating system, you really should consider whether the current vargs implementation is the best choice. Perhaps a solution for the StackGuard implementation as well.

If I'm wrong, or this is harder to implement than I think, I would love to hear your opinion on the subject.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
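The "length field" idea from the post, shown at the library level as an added example (not code from the post or from any compiler): a formatter that takes an explicit argument count and refuses any format string whose conversions would consume more or fewer arguments than the caller supplied. The names `count_conversions` and `counted_snprintf` are hypothetical. It stops a user-controlled format from walking the stack, but, as the post notes, it cannot catch a type mismatch between a conversion and the argument the caller actually passed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Count how many arguments a printf-style format would consume.
   "%%" consumes none; "*" width/precision consumes an extra int.
   Returns -1 for a dangling '%' or for "%n", which is refused outright. */
int count_conversions(const char *fmt) {
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;             /* literal percent sign */
        /* skip flags, width, precision and length modifiers */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p)) {
            if (*p == '*') n++;              /* '*' pulls an int argument */
            p++;
        }
        if (*p == '\0' || *p == 'n') return -1;
        n++;                                 /* the conversion itself */
    }
    return n;
}

/* Counted-varargs formatter: argc is the number of variadic arguments the
   caller actually passed. The format is rejected (-1) unless it consumes
   exactly that many; otherwise it is handed to vsnprintf. */
int counted_snprintf(char *out, size_t outsz, int argc, const char *fmt, ...) {
    int need = count_conversions(fmt);
    if (need < 0 || need != argc) return -1;
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return r;
}

int main(void) {
    char buf[64];
    /* constructed attacker-style input used as the format with zero args */
    const char *tainted = "%x %x %x %s";
    printf("tainted: %d\n", counted_snprintf(buf, sizeof buf, 0, tainted));
    if (counted_snprintf(buf, sizeof buf, 2, "%s=%d", "port", 8080) >= 0)
        printf("ok: %s\n", buf);
    return 0;
}
```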
Current thread:
- Format Bugs in Windows Code? Crispin Cowan (Sep 08)
- Re: Format Bugs in Windows Code? Iván Arce (Sep 12)
- Re: Format Bugs in Windows Code? Bluefish (P.Magnusson) (Sep 12)
- Re: Format Bugs in Windows Code? Crispin Cowan (Sep 12)
- Re: Format Bugs in Windows Code? Bluefish (P.Magnusson) (Sep 12)
- Re: Format Bugs in Windows Code? Pavel Kankovsky (Sep 12)
- Re: Format Bugs in Windows Code? Bluefish (P.Magnusson) (Sep 13)
- Re: Format Bugs in Windows Code? Daniel Jacobowitz (Sep 12)
- Re: Format Bugs in Windows Code? Crispin Cowan (Sep 12)
- <Possible follow-ups>
- Re: Format Bugs in Windows Code? Michael Wojcik (Sep 12)
- Re: Format Bugs in Windows Code? Thomas Dullien (Sep 12)
- Re: Format Bugs in Windows Code? Scott Hardy (Sep 12)
- Re: Format Bugs in Windows Code? Michael Wojcik (Sep 12)