Buffer overrun

Posted on 2000-03-13
Last Modified: 2010-04-02
I will probably not give a good enough explanation but here goes. I have a program written in C++ that enables a user to log in with a browser (it is a mail server). The server has a buffer overrun exploit and for the life of me I just can't find what i'm missing to fix it. Any suggestions at all? If you need any more info just let me know and i'll post it.
Question by:avtronics
  • 2
  • 2
LVL 32

Accepted Solution

jhance earned 470 total points
ID: 2612842
At any point where you are accepting a data stream from the client, you must check for this problem.  I'd suggest one of two things, perhaps even both if you're paranoid:

1) Check the size of the input stream to make sure it doesn't exceed the size of the buffer in your application.

2) Limit the number of bytes that you will read from the input stream to some maximum.

Also, always verify every input from the client for bogus values, control characters where you were expecting text, NULLs, escape sequences, anything other than what you were expecting should be filtered or rejected.
LVL 32

Expert Comment

ID: 2612851
Oh, I forgot to mention.

If you can possibly avoid it, NEVER use a statically defined buffer like:

char MyBuffer[1024];

I know this is convenient but this is the #1 that this exploit is used.  Wherever you can, determine the size of the buffer needed and allocate the space needed using new or malloc.  Even if you have to keep allocating new buffers as the data comes in, do it that way.

But you still want to be sure to limit the maximum data you will accept to prevent a user from sending you so much data that your application exhausts it's memory space and crashes.

Expert Comment

ID: 2613199
In general always specify max amount to read,
for e.g don't use gets, use fgets instead as you can specify
a max amount to read.

If you use recv, make sure there isn't a mismatch between
the buffer size specified and the actual size,



Author Comment

ID: 2613499
Well thanks to both of you for answering so quickly. Just looking over it again I have found problems that both of you have given information on. I will have to wait until I'm on my machine and will compile the fixed source and should be able to let you know what's happened by tonight or tomorrow. I might just have to give both of you points! Thanks guys.

Author Comment

ID: 2613592
lexpert? If you would like I will post a question with the same point value for you to answer considering your answer was of assistance to me as well.

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Written by John Humphreys C++ Threading and the POSIX Library This article will cover the basic information that you need to know in order to make use of the POSIX threading library available for C and C++ on UNIX and most Linux systems.   [s…
Many modern programming languages support the concept of a property -- a class member that combines characteristics of both a data member and a method.  These are sometimes called "smart fields" because you can add logic that is applied automaticall…
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question