?
Solved

Buffer overrun

Posted on 2000-03-13
5
Medium Priority
?
353 Views
Last Modified: 2010-04-02
I will probably not give a good enough explanation but here goes. I have a program written in C++ that enables a user to log in with a browser (it is a mail server). The server has a buffer overrun exploit and for the life of me I just can't find what i'm missing to fix it. Any suggestions at all? If you need any more info just let me know and i'll post it.
0
Comment
Question by:avtronics
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 32

Accepted Solution

by:
jhance earned 1880 total points
ID: 2612842
At any point where you are accepting a data stream from the client, you must check for this problem.  I'd suggest one of two things, perhaps even both if you're paranoid:

1) Check the size of the input stream to make sure it doesn't exceed the size of the buffer in your application.

2) Limit the number of bytes that you will read from the input stream to some maximum.

Also, always verify every input from the client for bogus values, control characters where you were expecting text, NULLs, escape sequences, anything other than what you were expecting should be filtered or rejected.
0
 
LVL 32

Expert Comment

by:jhance
ID: 2612851
Oh, I forgot to mention.

If you can possibly avoid it, NEVER use a statically defined buffer like:

char MyBuffer[1024];

I know this is convenient but this is the #1 that this exploit is used.  Wherever you can, determine the size of the buffer needed and allocate the space needed using new or malloc.  Even if you have to keep allocating new buffers as the data comes in, do it that way.

But you still want to be sure to limit the maximum data you will accept to prevent a user from sending you so much data that your application exhausts it's memory space and crashes.
0
 
LVL 3

Expert Comment

by:Iexpert
ID: 2613199
In general always specify max amount to read,
for e.g don't use gets, use fgets instead as you can specify
a max amount to read.

If you use recv, make sure there isn't a mismatch between
the buffer size specified and the actual size,

etc..

0
 
LVL 1

Author Comment

by:avtronics
ID: 2613499
Well thanks to both of you for answering so quickly. Just looking over it again I have found problems that both of you have given information on. I will have to wait until I'm on my machine and will compile the fixed source and should be able to let you know what's happened by tonight or tomorrow. I might just have to give both of you points! Thanks guys.
0
 
LVL 1

Author Comment

by:avtronics
ID: 2613592
lexpert? If you would like I will post a question with the same point value for you to answer considering your answer was of assistance to me as well.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Errors will happen. It is a fact of life for the programmer. How and when errors are detected have a great impact on quality and cost of a product. It is better to detect errors at compile time, when possible and practical. Errors that make their wa…
In days of old, returning something by value from a function in C++ was necessarily avoided because it would, invariably, involve one or even two copies of the object being created and potentially costly calls to a copy-constructor and destructor. A…
The goal of the video will be to teach the user the concept of local variables and scope. An example of a locally defined variable will be given as well as an explanation of what scope is in C++. The local variable and concept of scope will be relat…
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question