Vulnerability Development mailing list archives
Re: Delphi and buffer overflows
From: Valdis.Kletnieks () vt edu
Date: Mon, 20 Oct 2003 15:25:04 -0400
On Mon, 20 Oct 2003 01:33:10 -0000, ellostron () yahoo com said:
Hi, I looked all over the web but I couldn't find information about buffer overflows in Delphi programs.
It's one of several things:

1) Delphi isn't used enough to make attacking it interesting.
2) Delphi is mostly secure against buffer overflows.
3) Delphi leaks like a sieve in other respects, and there's no need to do a buffer overflow when abusing the quoting rules works.

I *can't* actually speak to the truth of any of those 3, but those are the top three *possible* reasons (at least to my thinking). Devising a way to test each hypothesis is left as an exercise for the vuln-dev community ;)
I think that as far as Delphi uses Pascal-style strings, programs made in Delphi are much safer than those made in C/C++.
1) Is Delphi really much safer?
Presumably it's safer against character-array buffer overflows. This does not imply that the language is overall safer - there could very well be significant brain damage elsewhere, and char-based overflows are only one attack method. And I'm *positive* that the average Delphi program is just as prone to the same sort of "failure to filter" bugs that cause every other language to be vulnerable to XSS, SQL injection, and similar. Sorry I couldn't answer the question directly, but hopefully I've pointed you in a productive direction....
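An added example, not part of the original message and not Delphi's runtime code: a C model of a length-prefixed (Pascal-style) string that shows both points of the reply above, that bounded strings stop the overflow but do nothing about unfiltered content. The `pstr` type, the query text and the inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Model of a Pascal-style short string: a length byte plus fixed storage. */
typedef struct { unsigned char len; char data[255]; } pstr;

/* Bounded append: bytes that do not fit are dropped, never written past data[]. */
static void pstr_append(pstr *s, const char *src, size_t n) {
    size_t room = sizeof s->data - s->len;
    if (n > room) n = room;
    memcpy(s->data + s->len, src, n);
    s->len = (unsigned char)(s->len + n);
}

#define QUERY_HEAD "SELECT id FROM users WHERE name = '"

/* Hypothetical query builder: concatenates untrusted input with no filtering. */
static void build_query(pstr *q, const char *name, size_t n) {
    q->len = 0;
    pstr_append(q, QUERY_HEAD, sizeof QUERY_HEAD - 1);
    pstr_append(q, name, n);
    pstr_append(q, "'", 1);
}

/* Offset of the quote that closes the string literal as a SQL parser would
   see it: the first quote after the opening one ('' escapes are ignored in
   this sketch). Returns -1 when the literal is never closed. */
static int literal_close(const pstr *q) {
    for (size_t i = sizeof QUERY_HEAD - 1; i < q->len; i++)
        if (q->data[i] == '\'') return (int)i;
    return -1;
}

int main(void) {
    char big[1000];                        /* constructed oversized input */
    const char *names[] = { "alice", "O'Brien", big };
    size_t lens[] = { 5, 7, sizeof big };
    memset(big, 'A', sizeof big);
    for (int i = 0; i < 3; i++) {
        pstr q;
        build_query(&q, names[i], lens[i]);
        int c = literal_close(&q);
        /* Safe only if the literal closes exactly at the last byte. */
        printf("len=%3d close=%3d %s\n", q.len, c,
               c == q.len - 1 ? "literal intact" : "query structure changed");
    }
    return 0;
}
```

The 1000-byte input is truncated to the 255-byte storage without touching adjacent memory, yet the query is left malformed, and the apostrophe in the second input ends the literal early even though no bound was exceeded.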