C programmers mistakes.

Started by Farabi, April 23, 2005, 02:54:34 PM

Tedd

Ping uses part of the underlying socket support. In the ICMP (internet control message protocol) there's an ECHO command - this is all it does. You don't need any 'special' software, it's like TCP or UDP - you expect it to be there.
Of course, just to make things difficult, it could be disabled :bdg
No snowflake in an avalanche feels responsible.

Mark Jones

So Hutch, the discussion about ArgClC being possibly exploitable was a little unclear: should we be using GetCL and 128-byte strings for command-line apps?
"To deny our impulses... foolish; to revel in them, chaos." MCJ 2003.08

PBrennick

Are you really going to trust anything he says, at this point? He is just going to get defensive and yell at people.

Paul
The GeneSys Project is available from:
The Repository or My crappy website

Mark Jones

Well I hope nobody needs to get defensive or anything. :toothy

ArgClC works great; no doubt about that. It's still unclear to me exactly what is being said in this thread is all, so that's why I asked. :)
"To deny our impulses... foolish; to revel in them, chaos." MCJ 2003.08

hutch--

Mark,

the trick is to simply check the length of the buffer supplied by GetCommandLine() before anything tries to work on the data in the buffer. A buffer overflow can only work if the data supplied is larger than an algorithm's published size limit. The vast majority of command line utilities are never exposed to security threats and it is a mistake to impose a pile of security junk when it's not needed in most instances. A command line parser is a different animal to a buffer size check and a buffer size check is no more than testing for the buffer length with a zero terminated string.

I added a later version in masm32 version 9.0 called "getcl_ex" that calls the left to right argument scanner "ArgByNumber" which will handle far larger buffers than the 32k limit of a command line so if you need to track down the details of a command line based buffer overflow, it will routinely do this if you need to.

Paul Brennick,

If you want to try and snipe at me, don't do it in the Campus or it will be removed.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php
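
The length check described in the post above, as an added example in C that is not part of the thread or of the MASM32 library. The 128-byte limit is borrowed from Mark Jones's question, and `checked_len` and `get_arg_checked` are hypothetical names. The parser splits on spaces and tabs only, and on Windows the input string would come from GetCommandLineA().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARG_LIMIT 128   /* assumed published limit of the parser, terminator included */

/* Length of a zero-terminated string, scanning at most `limit` bytes.
   Returns (size_t)-1 when no terminator is found inside the limit. */
size_t checked_len(const char *s, size_t limit)
{
    for (size_t i = 0; i < limit; i++)
        if (s[i] == '\0')
            return i;
    return (size_t)-1;
}

/* Copy argument number `index` (0 = program name) into dst.
   Returns the argument length, -1 if the command line is over the
   limit, -2 if there is no such argument. */
int get_arg_checked(const char *cmdline, int index, char dst[ARG_LIMIT])
{
    if (checked_len(cmdline, ARG_LIMIT) == (size_t)-1)
        return -1;                   /* reject before any parsing starts */
    const char *p = cmdline;
    for (int n = 0; ; n++) {
        while (*p == ' ' || *p == '\t') p++;       /* skip separators */
        if (*p == '\0')
            return -2;
        const char *start = p;
        while (*p != '\0' && *p != ' ' && *p != '\t') p++;
        if (n == index) {
            size_t alen = (size_t)(p - start);     /* < ARG_LIMIT after the check */
            memcpy(dst, start, alen);
            dst[alen] = '\0';
            return (int)alen;
        }
    }
}

int main(void)
{
    char arg[ARG_LIMIT], big[4096];  /* big: constructed oversize command line */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("normal:   %d\n", get_arg_checked("tool.exe  input.txt /v", 1, arg));
    printf("oversize: %d\n", get_arg_checked(big, 0, arg));
    return 0;
}
```

An oversize command line is rejected outright, not truncated, so the parser never sees data beyond its stated limit.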

PBrennick

Okay, another time, another place.
Paul
The GeneSys Project is available from:
The Repository or My crappy website

Mark Jones

Quote from: hutch-- on March 24, 2006, 12:18:48 AM
...and a buffer size check is no more than testing for the buffer length with a zero terminated string.

Sounds good to me, a quick & easy solution. It's hard not to be "anal" about security features in this day and age. :wink
"To deny our impulses... foolish; to revel in them, chaos." MCJ 2003.08