SecurityFocus

RE: Are bad developer libraries the problem with M$ software? Nov 16 2002 01:00AM
Michael Howard (mikehow microsoft com) (2 replies)

RE: Are bad developer libraries the problem with M$ software? Nov 16 2002 07:03PM
Frank Knobbe (fknobbe knobbeits com) (3 replies)

Re: Are bad developer libraries the problem with M$ software? Nov 18 2002 07:36PM
Casper Dik (Casper Dik Sun COM) (1 replies)

Re: Are bad developer libraries the problem with M$ software? Nov 18 2002 11:10PM
Andrew Griffiths (andrewg d2 net au) (1 replies)

Hi all,

>
> Same problem; not safe anyway. (sizeof (dst) - strlen(dst) - 1, if anything)
>

Another thing to use is consistency, for example,

char dst[50];
strncpy(dst, user_supplied_data, sizeof(dst));
strncat(dst, sizeof(dst) - strlen(dst) -1, moreuserdata);

This could be exploitable if user_supplied_data is 50 or more bytes long.

In specific,

50 - 50 - 1 == -1

Since strncat's len parameter is size_t (which is unsigned), strncat is
willing to append _way_ to many bytes. IIRC, some fingerd's had this
problem (possibly some identd, *shrug*).

Similar things can be done to snprintf and so on. A wrapper around those
library calls could be used to check if its unsigned (and wouldn't
have that much drawback, because I can't think of anything that'd do a
>2G string operation normally), by using int as opposed to size_t.

I guess this comes to the class of integer over/under flows now :)

Sincerely,
Andrew Griffiths

[ reply ]

Re: Are bad developer libraries the problem with M$ software? Nov 19 2002 03:25AM
Frank Knobbe (fknobbe knobbeits com) (3 replies)

Re: Are bad developer libraries the problem with M$ software? Mar 22 2003 09:56AM
Casper Dik (Casper Dik Sun COM)

Re: Are bad developer libraries the problem with M$ software? Nov 19 2002 10:57PM
Andrew Dalgleish (secprog andrewdalgleish dyndns org) (2 replies)

Re: Are bad developer libraries the problem with M$ software? Nov 22 2002 03:31PM
Frank Knobbe (fknobbe knobbeits com)

Re: Are bad developer libraries the problem with M$ software? Nov 22 2002 07:11AM
Valdis Kletnieks vt edu

Re: Are bad developer libraries the problem with M$ software? Nov 18 2002 11:22PM
Andrew Griffiths (andrewg d2 net au)

Re: Are bad developer libraries the problem with M$ software? Nov 18 2002 06:54PM
John Viega (viega securesoftware com) (2 replies)

Re[2]: Are bad developer libraries the problem with M$ software? Nov 21 2002 04:34PM
dullien gmx de

Re: Are bad developer libraries the problem with M$ software? Nov 18 2002 09:46PM
Frank Knobbe (fknobbe knobbeits com) (1 replies)

Re: Are bad developer libraries the problem with M$ software? Nov 19 2002 09:31AM
Steffen Dettmer (steffen dett de) (1 replies)

Re: Are bad developer libraries the problem with M$ software? Nov 22 2002 03:35PM
Tim van Erven (tripudium chello nl)

Re: Are bad developer libraries the problem with M$ software? Nov 18 2002 06:26PM
Götz Babin-Ebell (babinebell trustcenter de)

Re: Are bad developer libraries the problem with M$ software? Nov 16 2002 03:29PM
Alex Lambert (alambert webmaster com) (1 replies)

Re: Are bad developer libraries the problem with M$ software? Nov 17 2002 01:46AM
Glynn Clements (glynn clements virgin net)