What's an unchecked buffer?


Post by davi » Tue, 23 Sep 2003 04:53:04


With all the hoopla about unchecked buffer overruns in
this or that applet, control, etc., I have one question:
WHAT THE HELL IS AN UNCHECKED BUFFER?
Thanks. (Once again Microsoft shows it has stupid, large,
slow code.)
 
 
 


Post by helpe » Tue, 23 Sep 2003 05:15:48

"Buffer Overrun
An attack in which a malicious user exploits an unchecked buffer
in a program and overwrites the program code with their own data.
If the program code is overwritten with new executable code, the
effect is to change the program's operation as dictated by the attacker.
If overwritten with other data, the likely effect is to cause the program
to crash"
http://www.yqcomputer.com/

In most cases this is a programmer's error.

You're very much CONFUSED if you think that it's a Microsoft-specific
problem. ANY system where humans are involved in its development
is error-prone, because we are, after all, just human.

Just take for example recent buffer overruns in SSH (used by most
administrators) and sendmail on most Unix distributions:

http://www.yqcomputer.com/ "Buffer Management Vulnerability"

http://www.yqcomputer.com/ "Fix a buffer overflow in address parsing"

As you can see it's NOT Microsoft-specific. Nothing is perfect.
But Microsoft will be trying its best.

 
 
 


Post by melvi » Tue, 23 Sep 2003 06:13:05

This Newsgroup is not a place to vent your anger or get
your "rocks off". You are lucky to get free help. There is
no need to be abusive within this Newsgroup.

Melvin



 
 
 


Post by Kent W. En » Tue, 23 Sep 2003 12:12:11

It's an error condition that your compiler does not protect you from.
The responsibility is offloaded to the programmer who might forget to
check every data input.

Another way to put it is that it is an unfortunate legacy of the C
language compiler. If everyone used some other programming language that
checked input buffers, then this wouldn't be a problem.

--
Kent W. England, Microsoft MVP for Windows
 
 
 


Post by Steven Joh » Tue, 23 Sep 2003 18:43:14

The best description of unchecked buffers I've read is, "Smashing the Stack
for Fun and Profit" http://www.yqcomputer.com/

I don't think you'll find it's a simple matter of stupid, large, slow code.
Also, with .NET's common language runtime, programs will suffer from this
less and less as it is adopted more and more.

Steve.
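
As an added example (not code from any post in this thread), the C program below shows the condition the replies describe: a copy into a fixed-size buffer that never checks the input length, next to a version that does. The `record` layout, the function names and the input string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8

/* Constructed layout: a fixed-size input buffer with other data right behind it. */
struct record {
    char name[FIELD_LEN];
    char role[FIELD_LEN];
};

/* Unchecked: trusts len and never compares it with sizeof name. The copy
 * goes through a pointer to the whole record so that, for len up to
 * sizeof(struct record), this demo spills into role and nowhere else. */
static void store_unchecked(struct record *r, const char *in, size_t len)
{
    memcpy((unsigned char *)r, in, len);
}

/* Checked: refuses anything that does not fit together with its NUL. */
static int store_checked(struct record *r, const char *in, size_t len)
{
    if (len >= sizeof r->name)
        return -1;
    memcpy(r->name, in, len);
    r->name[len] = '\0';
    return 0;
}

/* Returns 1 if role still reads "guest" after storing in, 0 otherwise. */
int role_survives(const char *in, int checked)
{
    struct record r = { "", "guest" };
    size_t len = strlen(in);

    if (checked)
        (void)store_checked(&r, in, len);
    else
        store_unchecked(&r, in, len);
    return strcmp(r.role, "guest") == 0;
}

int main(void)
{
    const char *in = "longer-than-8";   /* constructed input, 13 bytes */

    printf("unchecked: role intact = %d\n", role_survives(in, 0));
    printf("checked:   role intact = %d\n", role_survives(in, 1));
    return 0;
}
```

The compiler accepts both functions without complaint; only the length comparison in `store_checked` keeps the neighbouring field from being overwritten.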