Solved

Buffer overrun

Posted on 2000-03-13
5
348 Views
Last Modified: 2010-04-02
I will probably not give a good enough explanation but here goes. I have a program written in C++ that enables a user to log in with a browser (it is a mail server). The server has a buffer overrun exploit and for the life of me I just can't find what i'm missing to fix it. Any suggestions at all? If you need any more info just let me know and i'll post it.
0
Comment
Question by:avtronics
  • 2
  • 2
5 Comments
 
LVL 32

Accepted Solution

by:
jhance earned 470 total points
Comment Utility
At any point where you are accepting a data stream from the client, you must check for this problem.  I'd suggest one of two things, perhaps even both if you're paranoid:

1) Check the size of the input stream to make sure it doesn't exceed the size of the buffer in your application.

2) Limit the number of bytes that you will read from the input stream to some maximum.

Also, always verify every input from the client for bogus values, control characters where you were expecting text, NULLs, escape sequences, anything other than what you were expecting should be filtered or rejected.
0
 
LVL 32

Expert Comment

by:jhance
Comment Utility
Oh, I forgot to mention.

If you can possibly avoid it, NEVER use a statically defined buffer like:

char MyBuffer[1024];

I know this is convenient but this is the #1 that this exploit is used.  Wherever you can, determine the size of the buffer needed and allocate the space needed using new or malloc.  Even if you have to keep allocating new buffers as the data comes in, do it that way.

But you still want to be sure to limit the maximum data you will accept to prevent a user from sending you so much data that your application exhausts it's memory space and crashes.
0
 
LVL 3

Expert Comment

by:Iexpert
Comment Utility
In general always specify max amount to read,
for e.g don't use gets, use fgets instead as you can specify
a max amount to read.

If you use recv, make sure there isn't a mismatch between
the buffer size specified and the actual size,

etc..

0
 
LVL 1

Author Comment

by:avtronics
Comment Utility
Well thanks to both of you for answering so quickly. Just looking over it again I have found problems that both of you have given information on. I will have to wait until I'm on my machine and will compile the fixed source and should be able to let you know what's happened by tonight or tomorrow. I might just have to give both of you points! Thanks guys.
0
 
LVL 1

Author Comment

by:avtronics
Comment Utility
lexpert? If you would like I will post a question with the same point value for you to answer considering your answer was of assistance to me as well.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

In days of old, returning something by value from a function in C++ was necessarily avoided because it would, invariably, involve one or even two copies of the object being created and potentially costly calls to a copy-constructor and destructor. A…
What is C++ STL?: STL stands for Standard Template Library and is a part of standard C++ libraries. It contains many useful data structures (containers) and algorithms, which can spare you a lot of the time. Today we will look at the STL Vector. …
The goal of the tutorial is to teach the user how to use functions in C++. The video will cover how to define functions, how to call functions and how to create functions prototypes. Microsoft Visual C++ 2010 Express will be used as a text editor an…
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now