
Buffer Overflow Anatomy

#include <string.h>

int main(int argc, char **argv)
{
  char buff[32];

  if (argc < 2) return 1;

  // overflow occurs when the argument is 32 characters or
  // longer: strcpy() writes the whole string plus its
  // terminating '\0', with no regard for sizeof(buff)
  strcpy(buff, argv[1]);
  // ...
  return 0;
}

C library functions such as strcpy(), strcat(), sprintf() and vsprintf() operate on null-terminated strings and perform no bounds checking. gets() is another such function: it reads user input from stdin into a buffer until a terminating newline or EOF is found, with no way to tell it how large the buffer is. The scanf() family of functions may also result in buffer overflows when a %s conversion is used without a width. Hence, the best way to deal with buffer overflow problems is to not allow them to occur in the first place: every copy into a fixed-size buffer must be bounded by the size of that buffer.

#include <string.h>

// copy at most 31 characters, i.e. the smaller of the buffer
// limit and the argument length, so the static (zero-filled)
// buffer always keeps its terminating '\0' in buff[31]
#define MIN(a,b) (((a)<(b))?(a):(b))

int main(int argc, char **argv)
{
  // static storage: buff is initialized with '\0'
  static char buff[32];

  if (argc < 2) return 1;

  // safer: the copy length is bounded by the buffer size
  strncpy(buff, argv[1], MIN(31, strlen(argv[1])));
  // ...
  return 0;
}
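The two listings above show the unbounded copy and its bounded replacement; the following added example (not from the original article, helper names bounded_copy, copy_or_reject and strncpy_terminated are assumed) wraps the bounded pattern in reusable functions that report truncation or reject oversized input, and makes the strncpy() pitfall the second listing relies on explicit: when the source fills the limit, strncpy() leaves no terminating '\0', which is why that listing needs a zero-initialized static buffer.

```c
#include <stdio.h>
#include <string.h>

/* Bounded copy that always NUL-terminates dst (assumed helper name).
 * Returns 1 if src had to be truncated to fit, 0 otherwise. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);
    size_t n;
    if (dstsize == 0) return 1;
    n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';            /* strncpy() would omit this when srclen >= dstsize */
    return srclen >= dstsize;
}

/* Check-before-copy pattern: refuse input that does not fit instead of
 * silently truncating it. Returns 0 on success, -1 if src was rejected. */
int copy_or_reject(char *dst, size_t dstsize, const char *src)
{
    if (strlen(src) >= dstsize) return -1;
    strcpy(dst, src);         /* safe here: length checked against dstsize above */
    return 0;
}

/* Shows the strncpy() edge case on an 8-byte buffer filled with 'X'.
 * Returns 1 if the copy left a terminating '\0' in the buffer, 0 if not. */
int strncpy_terminated(const char *src)
{
    char buff[8];
    memset(buff, 'X', sizeof buff);
    strncpy(buff, src, sizeof buff);
    return memchr(buff, '\0', sizeof buff) != NULL;
}

int main(int argc, char **argv)
{
    char buff[32];
    /* constructed sample input, used when no argument is given */
    const char *input = argc > 1 ? argv[1]
                                 : "constructed input that is longer than thirty-two characters";
    int truncated = bounded_copy(buff, sizeof buff, input);
    printf("bounded_copy -> \"%s\" (truncated=%d)\n", buff, truncated);
    printf("copy_or_reject -> %d\n", copy_or_reject(buff, sizeof buff, input));
    printf("strncpy_terminated(\"abcdefgh\") -> %d\n", strncpy_terminated("abcdefgh"));
    return 0;
}
```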

2003-03-14 18:11:34

©2008 Echo3 Online Services, LLC