Nope, no overflow checks in PVFS.  We've seen segfaults on the server from 
buggy client code that has sent serialized data with encoded sizes that cause 
overflows.

If you were willing and motivated to modify the encoding implementation, I 
think you could change the encoding macros to take a pointer to a struct:

struct encoding_buffer
{
        char *buffer;
        int size;
        char *current;
};

Instead of the char **pptr.  current would allow you to keep track of where you 
are in the buffer as you're decoding.  This would allow you to do the proper 
checks as you're decoding a message to ensure you don't decode past the end of 
the buffer.  Might be a non-trivial change though.

-sam

On Jun 1, 2010, at 2:07 PM, Phil Carns wrote:

> Hi Nick,
> 
> There isn't anything in the server to prevent the scenario that you 
> described, as far as I know.
> 
> -Phil
> 
> On 06/01/2010 12:57 PM, Nicholas Mills wrote:
>> Hey all,
>> 
>> Is there any code in place to prevent buffer overflows when decoding server 
>> messages (requests and responses)? In particular I'm thinking of the 
>> variable-length types like string that are prefixed with their size. It 
>> seems to me that if the size is encoded incorrectly then there is nothing to 
>> prevent the server from attempting to read past the end of the request data.
>> 
>> Buffer overflows are a concern for me because I'm using the encode/decode 
>> functions to serialize some security data. I'd like the implementation to be 
>> as robust as possible; however, if the server code itself doesn't protect 
>> against buffer overflows then there's not much point to me adding it only to 
>> my code.
>> 
>> Thanks,
>> 
>> Nick
>> 
>> _______________________________________________
>> Pvfs2-developers mailing list
>> 
>> [email protected]
>> http://www.beowulf-underground.org/mailman/listinfo/pvfs2-developers
>> 
>>   
>> 
> 


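The bounds-checked decoding suggested in the reply above, as an added example that is not part of the original thread and is not PVFS code. It uses the proposed struct encoding_buffer; the helper names (eb_take, eb_decode_string, decode_sample) are hypothetical, and the wire form (a 32-bit little-endian length followed by that many bytes) is a simplifying assumption, not PVFS's actual encoding.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct encoding_buffer          /* layout proposed in the message above */
{
        char *buffer;           /* start of the received message */
        int size;               /* number of bytes received */
        char *current;          /* decode cursor */
};

/* Hand out the next n bytes and advance, or NULL if fewer than n remain. */
static const unsigned char *eb_take(struct encoding_buffer *eb, size_t n)
{
        size_t used = (size_t)(eb->current - eb->buffer);
        if (eb->size < 0 || used > (size_t)eb->size || n > (size_t)eb->size - used)
                return NULL;
        eb->current += n;
        return (const unsigned char *)eb->current - n;
}

/* Returns 0 with a NUL-terminated copy in *out, or -1 and consumes nothing. */
static int eb_decode_string(struct encoding_buffer *eb, char **out)
{
        char *start = eb->current;
        const unsigned char *p = eb_take(eb, 4);
        uint32_t len = p ? (p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24) : 0;
        if (p == NULL || (p = eb_take(eb, len)) == NULL ||
            (*out = malloc((size_t)len + 1)) == NULL) {
                eb->current = start;    /* a failed decode leaves the cursor alone */
                return -1;
        }
        memcpy(*out, p, len);
        (*out)[len] = '\0';
        return 0;
}

/* Constructed input: payload "hello" behind a caller-chosen length prefix. */
static long decode_sample(uint32_t claimed_len)
{
        char msg[9], *s = NULL;
        struct encoding_buffer eb = { msg, (int)sizeof msg, msg };
        for (int i = 0; i < 4; i++)
                msg[i] = (char)(claimed_len >> (8 * i));
        memcpy(msg + 4, "hello", 5);
        long n = eb_decode_string(&eb, &s) == 0 ? (long)strlen(s) : -1;
        free(s);
        return n;
}
```

The encoded length is compared against the bytes remaining rather than added to the cursor, so an oversized value is rejected before any pointer arithmetic can wrap.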
