At 10:02 AM -0500 6/9/04, Alun Jones wrote:

>I did some work recently on .NET Security, trying to come up with some
>examples that would demonstrate how you'd screw it up in code. It's
>certainly difficult to come up with bad examples that aren't needlessly
>bone-headed, but when you look at other people's code, you realise that an
>awful lot of programmers are bone-headed. Buffer overflows can happen in
>any language, no matter what those languages do to prevent them.
>
>Okay, that's a bold statement. I'd better back it up. If you have a
>string-handling library of any kind, someone's going to come up with a
>program design that builds a twenty character string for a person's name,
>putting first name in the first ten characters, and last name in the last
>ten characters. Eric Smith changes his first name to Navratilova, and he's
>suddenly listed by the program as "Navratilovamith amith" - buffer overflow.
>Sure, it doesn't overflow into the stack, but it overflows into important
>data.
How does the buffer overflow "into important data" using "any language"? With Ada and Pascal a 20 character array just has no syntax for storing a character into the 21st position. While it is true you will get a (possibly unanticipated) runtime exception rather than pleasing results, there is no opportunity for pleasing results in this situation. The clever programmer may add an exception handler to display a user-friendly message like "get a name change" rather than the default "index out of bounds" or whatever. But neither the clever nor the lazy programmer gets an overflow "into important data". The boundary condition is detected and prevented from causing totally obscure failures.
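The two posts above are arguing about two different boundaries: the array bound the language enforces (the 21st position) and the logical field boundary inside the array (position 10) that only the program knows about. The following is an added example, not code from either poster, that models Alun's twenty-character name record in Python, a language with bounds checking. The function and constant names (`store_unchecked`, `store_checked`, `FIELD_LEN`, and so on) are my own and the record layout is assumed from the post: first name in bytes 0-9, last name in bytes 10-19.

```python
"""Fixed-layout name record (assumed from the thread): bytes 0-9 hold the
first name, bytes 10-19 hold the last name, 20 bytes in total.

Shows that a bounds-checked language stops writes past byte 19 (the
respondent's point) but does nothing about a first name spilling into the
last-name field at byte 10 (Alun's point), unless the program checks the
field width itself.
"""

FIRST_OFF = 0     # offset of the first-name field
LAST_OFF = 10     # offset of the last-name field
FIELD_LEN = 10    # width of each field
RECORD_LEN = 20   # total record size


def new_record() -> bytearray:
    """A blank record, space-padded like a fixed-width text field."""
    return bytearray(b" " * RECORD_LEN)


def store_unchecked(rec: bytearray, offset: int, value: str) -> bytearray:
    """Write value byte-by-byte starting at offset.

    The only bound enforced is the language's own: rec[20] raises
    IndexError. Nothing stops the write from crossing byte 10.
    """
    for i, b in enumerate(value.encode("ascii")):
        rec[offset + i] = b
    return rec


def store_checked(rec: bytearray, offset: int, value: str) -> bytearray:
    """Write value into its field only if it fits; pad with spaces.

    This is the check the program must supply itself, because the field
    boundary at byte 10 is a design decision the language cannot see.
    """
    data = value.encode("ascii")
    if len(data) > FIELD_LEN:
        raise ValueError(f"{value!r} is {len(data)} bytes; field holds {FIELD_LEN}")
    rec[offset:offset + FIELD_LEN] = data.ljust(FIELD_LEN)
    return rec


def read_field(rec: bytearray, offset: int) -> str:
    """Read one fixed-width field, stripping the space padding."""
    return bytes(rec[offset:offset + FIELD_LEN]).decode("ascii").rstrip()


def demo_overflow() -> tuple:
    """Eric Smith renames himself Navratilova with no field-width check.

    Returns the (first, last) pair the program would now display.
    """
    rec = new_record()
    store_unchecked(rec, LAST_OFF, "Smith")
    store_unchecked(rec, FIRST_OFF, "Navratilova")   # 11 bytes: byte 10 becomes 'a'
    return read_field(rec, FIRST_OFF), read_field(rec, LAST_OFF)


def demo_language_bound() -> bool:
    """An 11-byte last name reaches byte 20: the language does object here."""
    rec = new_record()
    try:
        store_unchecked(rec, LAST_OFF, "Navratilova")
    except IndexError:
        return True
    return False


def demo_checked() -> bool:
    """With the program's own width check, the rename is rejected instead."""
    rec = new_record()
    store_checked(rec, LAST_OFF, "Smith")
    try:
        store_checked(rec, FIRST_OFF, "Navratilova")
    except ValueError:
        return read_field(rec, LAST_OFF) == "Smith"   # last name untouched
    return False


if __name__ == "__main__":
    print("unchecked:", demo_overflow())          # ('Navratilov', 'amith')
    print("past byte 19 raises:", demo_language_bound())
    print("width check rejects:", demo_checked())
```

The unchecked path reproduces the "amith" from Alun's post without ever tripping the language's bounds check, while the eleventh byte of a last name does raise IndexError, as the reply describes. The difference between the two is where the boundary lives: `store_checked` is the kind of check a fixed-width layout needs regardless of language.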