buffer-overflow

Which stream does the “stack smashing detected” message get printed to?

戏子无情 submitted on 2019-11-28 06:09:02
Question: Consider the following very basic program, which has appeared in many forms on other questions here. #include <string.h> int main() { char message[8]; strcpy(message, "Hello, world!"); } On my system, if I put this in a file called Classic.c , compile it with no special flags and run it, I get the following output. $ gcc -o Classic Class.c $ ./Classic *** stack smashing detected ***: ./Classic terminated Aborted (core dumped) Normally, program output goes to stderr or stdout , so I expected

What C/C++ tools can check for buffer overflows? [closed]

泄露秘密 submitted on 2019-11-28 04:33:29
I've been asked to maintain a large C++ codebase full of memory leaks. While poking around, I found out that we have a lot of buffer overflows that lead to the leaks (how it got this bad, I don't ever want to know). I've decided to remove the buffer overflows first. To make my bug-hunting easier, what tools can be used to check for buffer overruns? On Linux I'd use Valgrind. Consider using more modern data structures as a way of avoiding buffer overflows. Reading into a std::string won't overflow, and std::vectors are much safer than arrays. I don't know what your application is, and it's

Why does this memory address %fs:0x28 ( fs[0x28] ) have a random value?

时光毁灭记忆、已成空白 submitted on 2019-11-28 04:10:46
I've written a piece of C code and I've disassembled it as well as read the registers to understand how the program works in assembly. int test(char *this){ char sum_buf[6]; strncpy(sum_buf,this,32); return 0; } The piece of my code that I've been examining is the test function. When I disassemble the output of my test function I get ... 0x00000000004005c0 <+12>: mov %fs:0x28,%rax => 0x00000000004005c9 <+21>: mov %rax,-0x8(%rbp) ... stuff .. 0x00000000004005f0 <+60>: xor %fs:0x28,%rdx 0x00000000004005f9 <+69>: je 0x400600 <test+76> 0x00000000004005fb <+71>: callq 0x4004a0 <__stack_chk_fail@plt>
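The two questions above (the "stack smashing detected" abort and the value loaded from %fs:0x28) are the same mechanism seen from two sides, so here is one added example that models it in plain C. It is not code from either question or from gcc: the struct, its field names and the constant used as the guard are ours. gcc's -fstack-protector prologue copies the per-process guard (which glibc fills at startup from the AT_RANDOM bytes the kernel passes in the auxiliary vector, hence the different value on each run) into the frame just above the local arrays; the epilogue XORs the copy against the guard and calls __stack_chk_fail when they differ. The model below does the same three steps with a struct standing in for the frame, and shows both a copy that is caught and an overrun that lands only in the alignment padding and is not.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model of the frame gcc -fstack-protector builds for test(): the local
 * array sits at a lower address than the canary, so a copy that runs off
 * the end of sum_buf has to cross the canary before it reaches the saved
 * rbp and the return address. The struct and its names are ours, not gcc's. */
struct frame {
    char     sum_buf[6];   /* the local array from the question */
    uint64_t canary;       /* the copy stored at -0x8(%rbp) in the prologue */
};
_Static_assert(offsetof(struct frame, canary) == 8, "canary follows 2 bytes of padding");

/* Prologue: `mov %fs:0x28,%rax; mov %rax,-0x8(%rbp)`. glibc fills %fs:0x28
 * from the AT_RANDOM auxiliary-vector bytes at startup, so the real value
 * changes every run; the caller supplies the guard here so the demonstration
 * is reproducible. */
static void frame_enter(struct frame *f, uint64_t guard) {
    memset(f, 0, sizeof *f);
    f->canary = guard;
}

/* Body: strncpy(sum_buf, this, n) with n larger than the array. Like strncpy
 * it copies up to n bytes and zero-pads, and it does not stop at the end of
 * sum_buf; it is clamped at the end of the struct only so the demonstration
 * stays inside an object we own. */
static void frame_body(struct frame *f, const char *src, size_t n) {
    unsigned char *dst = (unsigned char *)f;   /* byte view: 0..5 buffer, 8..15 canary */
    bool ended = false;
    if (n > sizeof *f) n = sizeof *f;
    for (size_t i = 0; i < n; i++) {
        if (!ended && src[i] == '\0') ended = true;
        dst[i] = ended ? 0 : (unsigned char)src[i];
    }
}

/* Epilogue: `xor %fs:0x28,%rdx; je ok; call __stack_chk_fail`.
 * Returns true when the canary still matches, false when __stack_chk_fail
 * would run and print "*** stack smashing detected ***". */
static bool frame_leave(const struct frame *f, uint64_t guard) {
    return (f->canary ^ guard) == 0;
}

/* Whole call in one step: true if copying n bytes of src into sum_buf would
 * be caught at function exit. */
bool copy_is_caught(const char *src, size_t n) {
    const uint64_t guard = 0x7c3d9a1e5b6f2e11ULL;   /* constructed stand-in for %fs:0x28 */
    struct frame f;
    frame_enter(&f, guard);
    frame_body(&f, src, n);
    return !frame_leave(&f, guard);
}
```

Note what the padding case shows: an overrun of one or two bytes past a 6-byte array lands in the alignment gap and is never noticed, which is why the canary is a crash-on-exit detector for the return address, not a bounds checker for the buffer.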

What is the difference between a stack overflow and buffer overflow?

孤街醉人 submitted on 2019-11-28 03:01:41
What is the difference between stack overflow and buffer overflow in programming? Stack overflow refers specifically to the case when the execution stack grows beyond the memory that is reserved for it. For example, if you call a function which recursively calls itself without termination, you will cause a stack overflow as each function call creates a new stack frame and the stack will eventually consume more memory than is reserved for it. Buffer overflow refers to any case in which a program writes beyond the end of the memory allocated for any buffer (including on the heap, not just on the

Writing Secure C and Secure C Idioms

荒凉一梦 submitted on 2019-11-28 02:47:49
"The average man does not want to be free. He simply wants to be safe." - H. L. Mencken I am attempting to write very secure C. Below I list some of the techniques I use and ask are they as secure as I think they are. Please don't hesitate to tear my code/preconceptions to shreds. Any answer that finds even the most trivial vulnerability or teaches me a new idea will be highly valued . Reading from a stream: According to the GNU C Programming Tutorial getline: The getline function will automatically enlarge the block of memory as needed, via the realloc function, so there is never a
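The getline idiom the question starts from, written out as an added example (ours, not the asker's code and not from the GNU tutorial). The function reads a whole stream with getline(3), which grows its buffer to fit every line, so line length cannot overflow it; what the caller still has to get right is starting with a NULL buffer and zero size, telling end of input from a real failure, using the returned length rather than strlen (a line may contain embedded NULs), and freeing the buffer exactly once. The second function wraps a constructed in-memory string with fmemopen(3) so the first can be exercised without a file.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Count the lines on a stream with getline(3) and report the longest one
 * (length without its newline). Returns the line count, or -1 if getline
 * stopped for a reason other than end of input (ENOMEM, a read error). */
long count_lines(FILE *fp, size_t *longest) {
    char *line = NULL;   /* getline allocates and grows this */
    size_t cap = 0;      /* size of that allocation, kept up to date by getline */
    long count = 0;
    *longest = 0;
    for (;;) {
        ssize_t len = getline(&line, &cap, fp);
        if (len < 0) break;                          /* EOF or error, decided below */
        if (len > 0 && line[len - 1] == '\n') len--; /* a final line may lack '\n' */
        /* use len, not strlen(line): the line may contain embedded NULs */
        if ((size_t)len > *longest) *longest = (size_t)len;
        count++;
    }
    free(line);          /* exactly one free, even if no line was ever read */
    return feof(fp) ? count : -1;   /* -1 with EOF unset means an error */
}

/* Same thing over an in-memory string via fmemopen(3); used here so the
 * example runs on constructed input rather than a file. */
long count_lines_in_text(const char *text, size_t textlen, size_t *longest) {
    FILE *fp = fmemopen((void *)text, textlen, "r");
    if (!fp) return -1;
    long n = count_lines(fp, longest);
    fclose(fp);
    return n;
}
```

The one thing getline does not bound is memory: a stream that never sends a newline makes it grow the buffer without limit, so code reading untrusted input still needs a cap on the line length it is willing to accept.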

Overflow over scanf(“%8s”, string)?

大憨熊 submitted on 2019-11-28 00:22:16
I know it's possible to overflow ordinary code: char string[9]; scanf("%s", string). But is it possible to overflow scanf("%8s", string)? 8 is just an example. I know "%8s" works like a delimiter, but I also notice when I input a string longer than 8 chars, the program will terminate due to: *** stack smashing detected ***: ./a.out terminated ======= Backtrace: ========= ... Obviously there's a flag that detects stack smashing turned on by GCC by default. Since this is a stack smashing, then my guess is that it is still possible to overflow and execute arbitrary code. Contrary to normal overflow that

Array overflow (why does this work?)

最后都变了- submitted on 2019-11-27 22:37:26
Okay, so I was teaching my girlfriend some c++, and she wrote a program that I thought wouldn't work, but it did. It accesses one more element in the array than there is (for instance, accessing array[5] for an array of size 5). Is this an instance of a buffer overflow? My thoughts on it are that it's writing to/accessing the memory directly after the array, is this correct? Basically my question here is... why does this work? #include <iostream> using namespace std; int main() { int size; cout << "Please enter a size for the array." << endl; cin >> size; cout << endl; cout << "There are " <<

How to determine the size of an allocated C buffer? [duplicate]

浪尽此生 submitted on 2019-11-27 22:23:40
This question already has an answer here: How can I get the size of a memory block allocated using malloc()? [duplicate] 9 answers I have a buffer and want to do a test to see if the buffer has sufficient capacity, i.e. find the number of elements I can add to the buffer. char *buffer = (char *)malloc(sizeof(char) * 10); Doing a int numElements = sizeof(buffer); does not return 10, any ideas on how I can accomplish this? buffer is just a pointer without size information. However the malloc() routine will hold the size of the allocation you made so when you free() it, it frees the right amount of
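Since a malloc'd pointer carries no size, the practical answer is to carry it yourself. The following is an added example (ours, not from the question or its answers) of a small growable buffer that keeps length and capacity next to the pointer, so "how many more elements fit" is a field read rather than a guess, every write is preceded by a capacity check, and the size arithmetic is guarded so an attacker-sized length cannot wrap to a tiny allocation. The struct and function names are ours.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* malloc() hands back a bare pointer: the allocator records the size for
 * free(), but no portable API gives it back to you. So record it yourself. */
struct buf {
    char  *data;   /* heap block, always NUL-terminated */
    size_t len;    /* bytes in use, excluding the terminator */
    size_t cap;    /* bytes allocated, including room for the terminator */
};

bool buf_init(struct buf *b, size_t initial_cap) {
    if (initial_cap == 0) initial_cap = 1;
    b->data = malloc(initial_cap);
    if (!b->data) return false;
    b->data[0] = '\0';
    b->len = 0;
    b->cap = initial_cap;
    return true;
}

/* Room left for payload before the terminator: the question's
 * "number of elements I can add". */
size_t buf_remaining(const struct buf *b) {
    return b->cap - b->len - 1;
}

/* Make room for at least `need` more bytes plus the terminator, doubling
 * capacity so appends stay amortised O(1). The additions are checked first
 * so a huge `need` cannot wrap size_t and produce a tiny allocation. */
static bool buf_reserve(struct buf *b, size_t need) {
    if (need <= buf_remaining(b)) return true;
    if (need > SIZE_MAX - b->len - 1) return false;   /* len + need + 1 would overflow */
    size_t want = b->len + need + 1;
    size_t newcap = b->cap;
    while (newcap < want) {
        if (newcap > SIZE_MAX / 2) { newcap = want; break; }
        newcap *= 2;
    }
    char *p = realloc(b->data, newcap);
    if (!p) return false;   /* the old block is still valid and still ours */
    b->data = p;
    b->cap = newcap;
    return true;
}

/* Append n bytes of src; the copy happens only after the capacity check. */
bool buf_append(struct buf *b, const char *src, size_t n) {
    if (!buf_reserve(b, n)) return false;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return true;
}

void buf_free(struct buf *b) {
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}
```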

Is sscanf considered safe to use?

岁酱吖の submitted on 2019-11-27 15:57:38
Question: I have vague memories of suggestions that sscanf was bad. I know it won't overflow buffers if I use the field width specifier, so is my memory just playing tricks with me? Answer 1: I think it depends on how you're using it: If you're scanning for something like int , it's fine. If you're scanning for a string, it's not (unless there was a width field I'm forgetting?). Edit : It's not always safe for scanning strings. If your buffer size is a constant, then you can certainly specify it as

How can I use strncat without buffer overflow concerns?

假装没事ソ submitted on 2019-11-27 13:46:06
I have a buffer, I am doing lot of strncat. I want to make sure I never overflow the buffer size. char buff[64]; strcpy(buff, "String 1"); strncat(buff, "String 2", sizeof(buff)); strncat(buff, "String 3", sizeof(buff)); Instead of sizeof(buff), I want to say something buff - xxx. I want to make sure I never override the buffer Take into consideration the size of the existing string and the null terminator #define BUFFER_SIZE 64 char buff[BUFFER_SIZE]; //Use strncpy strncpy(buff, "String 1", BUFFER_SIZE - 1); buff[BUFFER_SIZE - 1] = '\0'; strncat(buff, "String 2", BUFFER_SIZE - strlen(buff) -
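The answer's arithmetic, wrapped in a function as an added example (ours, not the asker's or the answerer's code). strncat's third argument is the number of bytes to take from the source, not the size of the destination, so strncat(buff, s, sizeof(buff)) can still overflow; the space that is actually free is cap - strlen(dst) - 1, the 1 being the terminator. The helper computes that, refuses to walk off the end when dst is not a terminated string, and returns whether the whole source fit so truncation is a reported event rather than a silent one. build_message runs the question's three appends through it.

```c
#include <stdbool.h>
#include <string.h>

/* Append src to the string in dst[cap] with strncat, passing the room that
 * is really left. Returns true if all of src fit, false if it was truncated
 * (dst is still a valid, terminated string either way). */
bool append(char *dst, size_t cap, const char *src) {
    if (cap == 0) return false;
    const char *end = memchr(dst, '\0', cap);       /* bounded search for the terminator */
    if (!end) { dst[cap - 1] = '\0'; return false; } /* dst was not a string: repair, refuse */
    size_t used = (size_t)(end - dst);
    size_t room = cap - used - 1;                    /* bytes free before the terminator */
    size_t need = strlen(src);
    strncat(dst, src, room);                         /* writes at most room bytes, then NUL */
    return need <= room;
}

/* The question's sequence done safely: start from an empty string so every
 * step is an append. Returns the final length, or -1 if anything was cut. */
int build_message(char *buff, size_t cap) {
    bool ok = true;
    buff[0] = '\0';
    ok &= append(buff, cap, "String 1");
    ok &= append(buff, cap, "String 2");
    ok &= append(buff, cap, "String 3");
    return ok ? (int)strlen(buff) : -1;
}
```

On BSD and many other platforms strlcat(dst, src, cap) does this in one call and returns the length it tried to create; glibc did not ship it for most of the period these questions date from, which is why the strncat arithmetic keeps coming up.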