Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Buffer overrun

Posted on 2000-03-13
5
Medium Priority
?
355 Views
Last Modified: 2010-04-02
I will probably not give a good enough explanation but here goes. I have a program written in C++ that enables a user to log in with a browser (it is a mail server). The server has a buffer overrun exploit and for the life of me I just can't find what i'm missing to fix it. Any suggestions at all? If you need any more info just let me know and i'll post it.
0
Comment
Question by:avtronics
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 32

Accepted Solution

by:
jhance earned 1880 total points
ID: 2612842
At any point where you are accepting a data stream from the client, you must check for this problem.  I'd suggest one of two things, perhaps even both if you're paranoid:

1) Check the size of the input stream to make sure it doesn't exceed the size of the buffer in your application.

2) Limit the number of bytes that you will read from the input stream to some maximum.

Also, always verify every input from the client for bogus values, control characters where you were expecting text, NULLs, escape sequences, anything other than what you were expecting should be filtered or rejected.
0
 
LVL 32

Expert Comment

by:jhance
ID: 2612851
Oh, I forgot to mention.

If you can possibly avoid it, NEVER use a statically defined buffer like:

char MyBuffer[1024];

I know this is convenient but this is the #1 that this exploit is used.  Wherever you can, determine the size of the buffer needed and allocate the space needed using new or malloc.  Even if you have to keep allocating new buffers as the data comes in, do it that way.

But you still want to be sure to limit the maximum data you will accept to prevent a user from sending you so much data that your application exhausts it's memory space and crashes.
0
 
LVL 3

Expert Comment

by:Iexpert
ID: 2613199
In general always specify max amount to read,
for e.g don't use gets, use fgets instead as you can specify
a max amount to read.

If you use recv, make sure there isn't a mismatch between
the buffer size specified and the actual size,

etc..

0
 
LVL 1

Author Comment

by:avtronics
ID: 2613499
Well thanks to both of you for answering so quickly. Just looking over it again I have found problems that both of you have given information on. I will have to wait until I'm on my machine and will compile the fixed source and should be able to let you know what's happened by tonight or tomorrow. I might just have to give both of you points! Thanks guys.
0
 
LVL 1

Author Comment

by:avtronics
ID: 2613592
lexpert? If you would like I will post a question with the same point value for you to answer considering your answer was of assistance to me as well.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you some of the more useful Standard Template Library (STL) algorithms through the use of working examples.  You will learn about how these algorithms fit into the STL architecture, how they work with STL containers, and why t…
This article shows you how to optimize memory allocations in C++ using placement new. Applicable especially to usecases dealing with creation of large number of objects. A brief on problem: Lets take example problem for simplicity: - I have a G…
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.
The viewer will learn how to clear a vector as well as how to detect empty vectors in C++.

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question