I'm curious here.
I've heard about exploits from struct loading, not checking buffers.
Say the struct looked something like this:
typedef struct
{
    char uflag;
    int  length;
} header;
so, using what you told us about pack:
The size of that structure will be 64 bits, or 8 bytes.
Which means that from byte 2 to byte 4, there is padding.
Now, if the exploiter decided to fill in those three bytes, how is that going
to cause problems for the programmer? If the programmer reads four bytes,
knowing that the struct is padded, trims off the first byte and continues with
life, the padding will simply be ignored.
Exploits are extremely common, but people seem worried about talking about them.
I'd like to learn about them, and preventative measures so I don't run through
life patching up code, any ideas there?
Thanks,
Tyler Littlefield
http://tysdomain.com
----- Original Message -----
From: Thomas Hruska
To: [email protected]
Sent: Monday, January 05, 2009 8:58 PM
Subject: Re: [c-prog] #pragma definition?
Jos Timanta Tarigan wrote:
> Hi,
>
> i notice this line:
>
> #pragma pack(push,1)
> struct TGAHeader {
>
> bla bla bla...
>
> };
> #pragma pack(pop)
>
> what is the definition of pragma exactly? I use this struct as a header that
> will be written in a file. When I delete this line, the file can not be opened
> by the application (corrupted). Can anyone help me?
> *googled but not understand :(
>
> thanks in advance
pack() is a VC++ specific #pragma directive. It declares the padding of
the structure's variables. Assuming a 32-bit target, VC++ will pad each
variable to a 32-bit boundary by default regardless of variable size.
The #pragma pack() directive alters this behavior. The example above is
fairly common and forces padding to occur to the nearest byte.
Do:
printf("%u\n", (unsigned)sizeof(struct TGAHeader));
Then run the program with and without the #pragma's to see the
difference in structure size. Smaller structures do not mean faster,
but if you are attempting to read a whole structure in from a file in a
single read, packed structures can be the way to go. IMO, you should
always filter data for validity before loading a structure - too many
software exploits have happened because some programmer took the easy
route and simply loaded a structure and then immediately used it without
checking it for validity.
--
Thomas Hruska
CubicleSoft President
Ph: 517-803-4197
*NEW* MyTaskFocus 1.1
Get on task. Stay on task.
http://www.CubicleSoft.com/MyTaskFocus/
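The padding question above and the advice to validate data before loading a structure, worked through in C as an added example (this is not code from either poster): the same two-field header laid out with default alignment and with #pragma pack(push,1), a field-by-field decoder that checks the length against the buffer before anything is copied, and a read of the same bytes through the unpacked struct to show why a file written with the pragma looks corrupt without it. The flag values, the MAX_PAYLOAD limit, the little-endian length encoding and the sample files are assumptions made for this example; the thread names none of them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The header from the question, laid out two ways: the compiler's default
   (int aligned to 4, so three padding bytes follow uflag) and packed to
   1-byte alignment as in the quoted TGAHeader code. */
typedef struct {
    char uflag;
    int  length;
} header_default;

#pragma pack(push, 1)
typedef struct {
    char uflag;
    int  length;
} header_packed;
#pragma pack(pop)

size_t default_header_size(void) { return sizeof(header_default); }
size_t packed_header_size(void)  { return sizeof(header_packed); }

/* Limits and flag values are assumptions for this example; the thread names none. */
#define MAX_PAYLOAD 1024
#define UFLAG_CLEAR 0
#define UFLAG_SET   1

/* Decode the 5-byte on-disk header field by field, treating length as a
   little-endian 32-bit value (an assumption). This does not depend on struct
   layout at all, so it reads the same bytes the same way with or without any
   pragma. Every field is checked against the buffer before it is used. */
int parse_header(const unsigned char *buf, size_t buflen, header_packed *out,
                 const unsigned char **payload, size_t *payload_len)
{
    if (buflen < sizeof(header_packed)) return -1;           /* truncated header */
    unsigned char f = buf[0];
    uint32_t len = (uint32_t)buf[1] | ((uint32_t)buf[2] << 8) |
                   ((uint32_t)buf[3] << 16) | ((uint32_t)buf[4] << 24);
    if (f != UFLAG_CLEAR && f != UFLAG_SET) return -2;        /* unknown flag value */
    if (len > MAX_PAYLOAD) return -3;                         /* larger than any buffer we own */
    if (len > buflen - sizeof(header_packed)) return -4;      /* claims more bytes than the file has */
    out->uflag   = (char)f;
    out->length  = (int)len;
    *payload     = buf + sizeof(header_packed);
    *payload_len = len;
    return 0;
}

/* Copy the payload into a fixed buffer. The memcpy is safe only because
   parse_header bounded length; copying h.length bytes straight from the file
   without that check is the "easy route" overflow the reply warns about. */
int load_payload(const unsigned char *buf, size_t buflen, unsigned char dst[MAX_PAYLOAD])
{
    header_packed h;
    const unsigned char *p;
    size_t n;
    int rc = parse_header(buf, buflen, &h, &p, &n);
    if (rc != 0) return rc;
    memcpy(dst, p, n);
    return (int)n;
}

/* Read the same bytes through the default-layout struct instead. The three
   padding bytes are simply discarded, as the question supposes, but length
   now lives at offset 4 and picks up payload bytes instead of the stored
   length: this is why a file written with the pragma reads as "corrupted"
   once the pragma is removed. */
int length_via_default_layout(const unsigned char *buf, size_t buflen)
{
    header_default h;
    if (buflen < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    return h.length;
}

/* Constructed sample files (not from the thread): flag, LE length, payload. */
const unsigned char SAMPLE_GOOD[]      = { 0x01, 0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c' };
const unsigned char SAMPLE_HUGE[]      = { 0x01, 0xff, 0xff, 0xff, 0x7f, 'a', 'b', 'c' };
const unsigned char SAMPLE_OVERCLAIM[] = { 0x00, 0x10, 0x00, 0x00, 0x00, 'a', 'b' };
const unsigned char SAMPLE_BADFLAG[]   = { 0x07, 0x00, 0x00, 0x00, 0x00 };
const unsigned char SAMPLE_SHORT[]     = { 0x01, 0x03, 0x00 };
unsigned char scratch[MAX_PAYLOAD];

int main(void)
{
    header_packed h; const unsigned char *p; size_t n;
    printf("default layout: %u bytes, packed: %u bytes\n",
           (unsigned)default_header_size(), (unsigned)packed_header_size());
    printf("good file: rc=%d\n", parse_header(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &h, &p, &n));
    printf("huge length: rc=%d\n", parse_header(SAMPLE_HUGE, sizeof SAMPLE_HUGE, &h, &p, &n));
    printf("same bytes via default layout: length=%d\n",
           length_via_default_layout(SAMPLE_GOOD, sizeof SAMPLE_GOOD));
    return 0;
}
```

Compiled with gcc, clang or VC++, the default layout gives 8 bytes and the packed one 5, which matches the 8-byte figure in the question. The three padding bytes in the default layout are never read by the program, so an attacker filling them in does nothing by itself; the value the attacker actually controls is length, and the checks in parse_header (header present, flag known, length within a fixed limit, length within the file) are what keep the memcpy in load_payload from overrunning its destination.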