[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 358
  • Last Modified:

Buffer overrun

I will probably not give a good enough explanation but here goes. I have a program written in C++ that enables a user to log in with a browser (it is a mail server). The server has a buffer overrun exploit and for the life of me I just can't find what i'm missing to fix it. Any suggestions at all? If you need any more info just let me know and i'll post it.
0
avtronics
Asked:
avtronics
  • 2
  • 2
1 Solution
 
jhanceCommented:
At any point where you are accepting a data stream from the client, you must check for this problem.  I'd suggest one of two things, perhaps even both if you're paranoid:

1) Check the size of the input stream to make sure it doesn't exceed the size of the buffer in your application.

2) Limit the number of bytes that you will read from the input stream to some maximum.

Also, always verify every input from the client for bogus values, control characters where you were expecting text, NULLs, escape sequences, anything other than what you were expecting should be filtered or rejected.
0
 
jhanceCommented:
Oh, I forgot to mention.

If you can possibly avoid it, NEVER use a statically defined buffer like:

char MyBuffer[1024];

I know this is convenient but this is the #1 that this exploit is used.  Wherever you can, determine the size of the buffer needed and allocate the space needed using new or malloc.  Even if you have to keep allocating new buffers as the data comes in, do it that way.

But you still want to be sure to limit the maximum data you will accept to prevent a user from sending you so much data that your application exhausts it's memory space and crashes.
0
 
IexpertCommented:
In general always specify max amount to read,
for e.g don't use gets, use fgets instead as you can specify
a max amount to read.

If you use recv, make sure there isn't a mismatch between
the buffer size specified and the actual size,

etc..

0
 
avtronicsAuthor Commented:
Well thanks to both of you for answering so quickly. Just looking over it again I have found problems that both of you have given information on. I will have to wait until I'm on my machine and will compile the fixed source and should be able to let you know what's happened by tonight or tomorrow. I might just have to give both of you points! Thanks guys.
0
 
avtronicsAuthor Commented:
lexpert? If you would like I will post a question with the same point value for you to answer considering your answer was of assistance to me as well.
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now