If we want our programs to be protected against buffer overflows, must we
check the size of the various containers explicitly?
E.g.
#include <iostream>
#include <string>

int main()
{
    using namespace std;
    string s;
    while(cin>>s)
        ;
    // ...
}
should become:
#include <iostream>
#include <string>
#include <cctype>

int main()
{
    using namespace std;
    string s;
    char c;
    // Stop before the string's own limit, and test the stream only after each
    // extraction so that a failed read never appends an uninitialised character.
    while(s.size()<s.max_size() && cin>>c)
    {
        if(isspace(static_cast<unsigned char>(c)))
            continue;
        s.push_back(c);
    }
    // ...
}
Ioannis Vranos
"Ioannis Vranos" <iv*@guesswh.at.emails.ru> wrote in message
news:c5***********@ulysses.noc.ntua.gr...
If we want our programs to be protected against buffer overflows, must we
check the size of the various containers explicitly?
E.g.
#include <iostream>
#include <string>

int main()
{
    using namespace std;
    string s, temp;
    while(cin>>temp)
        s+=temp;
    // ...
}
should become:
#include <iostream>
#include <string>
#include <cctype>

int main()
{
    using namespace std;
    string s;
    char c;
    // Stop before the string's own limit, and test the stream only after each
    // extraction so that a failed read never appends an uninitialised character.
    while(s.size()<s.max_size() && cin>>c)
    {
        if(isspace(static_cast<unsigned char>(c)))
            continue;
        s.push_back(c);
    }
    // ...
}
Ioannis Vranos
I'm puzzled. Is it even *possible* for s.size() to have a value greater
than s.max_size()? That would seem to violate the concept of "max",
wouldn't it? So, shouldn't the streaming operator prevent s.size() from
ever exceeding s.max_size() in the first place, making any such check on
your part redundant?
I know that checking for buffer overruns is important when filling arrays,
but I would think one of the advantages of using a string class and
streaming operators is to protect against such things.
But for filling arrays, I'd agree on your design, where you add one
character at a time. It's silly to try to see if you've *already* overrun
memory.
-Howard
On Tue, 13 Apr 2004 14:59:35 +0300 in comp.lang.c++, "Ioannis Vranos"
<iv*@guesswh.at.emails.ru> wrote,
If we want our programs to be protected against buffer overflows, must we
check the size of the various containers explicitly?
You need to ensure that the sizes are checked.
How explicit it is, is another matter.
string s;
while(cin>>s)
Here std::string and its operator>> do the checking.
So, it does not need to be explicit.
Howard wrote:
I'm puzzled. Is it even *possible* for s.size() to have a value greater than
s.max_size()? That would seem to violate the concept of "max", wouldn't it?
I believe so. I was unable to find exact details, but I'm fairly sure
that attempting to exceed a container's max_size will fail for one
reason or another. I suspect it will fail due to memory exhaustion
before you get to that point, and if that doesn't occur it will probably
throw an exception. The standard definitely says that an exception will
be thrown in a few cases (like calling reserve() for a vector where the
new capacity is too large, if I recall correctly).
So, shouldn't the streaming operator prevent s.size() from ever exceeding s.max_size() in the first place, making any such check on your part redundant?
I think the container (or string) itself will prevent it.
-Kevin
--
My email address is valid, but changes periodically.
To contact me please use the address from a recent posting.
Ioannis Vranos wrote:
"Ioannis Vranos" <iv*@guesswh.at.emails.ru> wrote in message
news:c5***********@ulysses.noc.ntua.gr...
If we want our programs to be protected against buffer overflows, must we
check the size of the various containers explicitly?
E.g.
#include <iostream>
#include <string>

int main()
{
    using namespace std;
    string s, temp;
    while(cin>>temp)
        s+=temp;
    // ...
}
The library is responsible for managing the buffers and preventing their
overflowing. I generally assume memory exhaustion will occur before
anything else. If max_size() is reached first, I'm not 100% sure what
should happen. My guess is that an exception will be thrown, either
length_error or bad_alloc. In effect, exceeding max_size() means
exhausting the memory of the allocator I think, so bad_alloc might be
appropriate, though I suppose I should check the standard and see how
allocators are supposed to handle running out of memory.
From a security standpoint, if we assume that an overflow of this sort
could exist, it seems likely that an attack exploiting such an overflow
would have much less chance of succeeding than a traditional
fixed-buffer-length overflow attack. max_size() is probably up around 2
or 4 billion. That's a hell of a lot of data to dump into the program.
If it were a remote attack, it would take quite a while to transfer all
that (over 3 minutes on a 10 Mbps connection?), and I imagine an IDS
(which I know nothing about) would have a very good chance of detecting
that.
-Kevin
"Kevin Goodsell" <us*********************@neverbox.com> wrote in message
news:Oy*****************@newsread2.news.pas.earthlink.net...
The library is responsible for managing the buffers and preventing their
overflowing. I generally assume memory exhaustion will occur before anything
else.
This can't happen on all modern systems using a virtual memory (swap) file. If
one has a 10 GB swap file my guess is that max_size() can be reached. I am too
bored to check the standard but if no one provides an answer I shall be
forced to do so, since I can't live for long with such a question.
If max_size() is reached first, I'm not 100% sure what should happen. My guess
is that an exception will be thrown, either length_error or bad_alloc. In
effect, exceeding max_size() means exhausting the memory of the allocator I
think, so bad_alloc might be appropriate, though I suppose I should check the
standard and see how allocators are supposed to handle running out of memory.
From a security standpoint, if we assume that an overflow of this sort could
exist, it seems likely that an attack exploiting such an overflow would have
much less chance of succeeding than a traditional fixed-buffer-length overflow
attack. max_size() is probably up around 2 or 4 billion. That's a hell of a
lot of data to dump into the program. If it were a remote attack, it would
take quite a while to transfer all that (over 3 minutes on a 10 Mbps
connection?), and I imagine an IDS (which I know nothing about) would have a
very good chance of detecting that.
Buffer overflow attacks happen all the time. However, I am not checking about
protection against attacks here. This is a general reliability question. If
there is no such check implicitly in standard library containers, the whole
scenario will defeat the abstraction mechanism of the standard library, and I
do not think this can happen anyway. In 15 minutes or so I'll check the
standard and drop a message here.
Ioannis Vranos
Ioannis Vranos wrote:
"Kevin Goodsell" <us*********************@neverbox.com> wrote in message
news:Oy*****************@newsread2.news.pas.earthlink.net...
The library is responsible for managing the buffers and preventing their
overflowing. I generally assume memory exhaustion will occur before anything
else.
This can't happen on all modern systems using a virtual memory (swap) file. If
one has a 10 GB swap file my guess is that max_size() can be reached. I am too
bored to check the standard but if no one provides an answer I shall be forced
to do so, since I can't live for long with such a question.
I found this in the unofficial list of C++2003 changes:
Insert subclause 21.3, paragraph 4a:
4a For any string operation, if as a result of the operation,
size() would exceed max_size() then the operation throws
length_error.
Strangely, I couldn't find anything similar for other containers.
-Kevin
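An added example (my own code, not anything posted in this thread) that checks the point Kevin quotes and the question the thread opened with: std::string refuses to grow past max_size() by throwing std::length_error, so the only bound worth writing explicitly for untrusted input is a policy limit well below it, shown here as a character-at-a-time reader in the style of the original post. The function names, the limit values and the sample input in tokens_accepted are my own.

```cpp
#include <cctype>
#include <cstddef>
#include <istream>
#include <new>
#include <sstream>
#include <stdexcept>
#include <string>

// Returns true if std::string refuses to grow past max_size() with std::length_error.
bool string_refuses_to_exceed_max_size()
{
    std::string s = "a";              // size() == 1, so max_size() more chars is too many
    try {
        s.append(s.max_size(), 'x');  // size() + n > max_size(): the library must refuse
    } catch (const std::length_error&) {
        return true;                  // bound enforced before any allocation
    } catch (const std::bad_alloc&) {
        return false;                 // allocation attempted: bound was not checked first
    }
    return false;
}

// Reads one whitespace-delimited token a character at a time, as in the original
// post, but bounded by a caller-chosen limit instead of max_size(). Returns false
// (leaving the rest of the token unread) when the token is longer than limit.
bool read_token_bounded(std::istream& in, std::string& out, std::size_t limit)
{
    out.clear();
    char c;
    while (in.get(c)) {                                   // get() does not skip spaces
        if (std::isspace(static_cast<unsigned char>(c))) {
            if (out.empty()) continue;                    // skip leading whitespace
            break;                                        // token complete
        }
        if (out.size() == limit) return false;            // policy limit reached
        out.push_back(c);
    }
    return !out.empty();
}

// Counts how many tokens of input (a constructed stand-in for std::cin) are
// accepted before the first over-long token is rejected.
int tokens_accepted(const std::string& input, std::size_t limit)
{
    std::istringstream in(input);
    std::string tok;
    int n = 0;
    while (read_token_bounded(in, tok, limit)) ++n;
    return n;
}
```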
Kevin Goodsell wrote:
Ioannis Vranos wrote:
"Kevin Goodsell" <us*********************@neverbox.com> wrote in message
news:Oy*****************@newsread2.news.pas.earthlink.net...
The library is responsible for managing the buffers and preventing their
overflowing. I generally assume memory exhaustion will occur before anything
else.
This can't happen on all modern systems using a virtual memory (swap) file. If
one has a 10 GB swap file my guess is that max_size() can be reached. I am too
bored to check the standard but if no one provides an answer I shall be forced
to do so, since I can't live for long with such a question.
I found this in the unofficial list of C++2003 changes:
Insert subclause 21.3, paragraph 4a:
4a For any string operation, if as a result of the operation, size() would exceed max_size() then the operation throws length_error.
Strangely, I couldn't find anything similar for other containers.
This document, by the way, came from Stroustrup's web page if I recall
correctly. If it's not there, then maybe it was Koenig's page.
-Kevin
"Kevin Goodsell" <us*********************@neverbox.com> wrote in message
news:u9*****************@newsread2.news.pas.earthlink.net...
Ioannis Vranos wrote:
"Kevin Goodsell" <us*********************@neverbox.com> wrote in message
news:Oy*****************@newsread2.news.pas.earthlink.net...
The library is responsible for managing the buffers and preventing their
overflowing. I generally assume memory exhaustion will occur before anything
else.
This can't happen on all modern systems using a virtual memory (swap) file. If
one has a 10 GB swap file my guess is that max_size() can be reached. I am too
bored to check the standard but if no one provides an answer I shall be forced
to do so, since I can't live for long with such a question.
I found this in the unofficial list of C++2003 changes:
Insert subclause 21.3, paragraph 4a:
4a For any string operation, if as a result of the operation, size() would
exceed max_size() then the operation throws length_error.
Can you provide the URL please? And what is C++2003? I assume C++0x as it
had so far?
Regards,
Ioannis Vranos