HTTP Buffer Overflows

Adam L. Beberg beberg@mithral.com
Fri, 8 Mar 2002 16:52:41 -0800 (PST)


On Fri, 8 Mar 2002, Joseph S. Barrera III wrote:

> That's okay, I've removed strcpy(dst, src) from all my code, so you won't
> find it.
>
> I use strncpy(dst, src, 123456789) instead.

Actually, the fix is to simply not put buffers on the stack. strncpy and
friends don't fix your edge conditions or programmers' logic errors, but
reduce them to easily spotted data corruption issues or segfaults.

No buffers on stacks, no way to attack the stack.

This is the actual reason you can't attack the stack with all the new
languages, because all data is indirect through pointers. Ages ago there was
an (IBM?) architecture that separated the program counter stack from the
data stacks in hardware; an idea too good to last. Now you're lucky if you
can even keep user processes out of the kernel at all.

- Adam L. "Duncan" Beberg
  http://www.mithral.com/~beberg/
  beberg@mithral.com
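The two edge conditions the exchange above turns on, shown in C as an added example that is not code from either poster: a length argument that is larger than the destination (Barrera's 123456789) makes strncpy behave exactly like strcpy, and a length that matches the destination exactly leaves the buffer unterminated, which is the "data corruption or segfault" Beberg describes rather than a fix. The helper copy_bounded is a hypothetical replacement, assumed here for illustration, that always terminates and reports truncation the way snprintf does; the buffer sizes and strings are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* strncpy(dst, src, n) writes exactly n bytes into dst (padding with NUL
 * bytes if src is short), so it overruns dst whenever n exceeds the
 * destination size, regardless of how long src is. A wildly large n is
 * therefore no safer than strcpy. */
bool strncpy_overflows(size_t dstsize, size_t n)
{
    return n > dstsize;
}

/* True if buf contains a NUL terminator somewhere in its first len bytes. */
bool is_terminated(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

/* Hypothetical bounded copy (assumed for this example): never writes more
 * than dstsize bytes, always NUL-terminates when dstsize > 0, and returns
 * the number of bytes src needed (strlen(src) + 1). A return value larger
 * than dstsize tells the caller the copy was truncated. */
size_t copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t need = strlen(src) + 1;
    if (dstsize == 0)
        return need;
    size_t n = need <= dstsize ? need : dstsize;
    memcpy(dst, src, n - 1);
    dst[n - 1] = '\0';
    return need;
}

/* The termination trap: strncpy with the *correct* size into a stack buffer
 * that the source fills completely. All four bytes are data, no terminator,
 * so any later strlen/printf on buf reads past its end. */
bool strncpy_exact_fit_terminated(void)
{
    char buf[4];
    strncpy(buf, "abcdef", sizeof buf); /* writes 'a','b','c','d' only */
    return is_terminated(buf, sizeof buf);
}

/* Same input through copy_bounded: truncated to "abc" plus a terminator. */
bool copy_bounded_exact_fit_terminated(void)
{
    char buf[4];
    copy_bounded(buf, sizeof buf, "abcdef");
    return is_terminated(buf, sizeof buf);
}

int main(void)
{
    char out[8];
    size_t need = copy_bounded(out, sizeof out, "hello world");

    printf("strncpy(dst, src, 123456789) into a 64-byte buffer overflows: %s\n",
           strncpy_overflows(64, 123456789) ? "yes" : "no");
    printf("strncpy exact fit leaves a terminator: %s\n",
           strncpy_exact_fit_terminated() ? "yes" : "no");
    printf("copy_bounded exact fit leaves a terminator: %s\n",
           copy_bounded_exact_fit_terminated() ? "yes" : "no");
    printf("copy_bounded result \"%s\", needed %zu bytes, had %zu -> %s\n",
           out, need, sizeof out, need > sizeof out ? "truncated" : "complete");
    return 0;
}
```

Beberg's heap argument fits the same helper: a destination sized with malloc(strlen(src) + 1) has no fixed-size edge to get wrong in the first place, and copy_bounded's return value is what lets a caller that must use a fixed buffer notice when it was too small instead of discovering it as a crash later.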