TCHAR and buffer overflows
From: David Hopwood (david.hopwood@zetnet.co.uk) Date: 08/26/02
- Next message: Allan: "Any recommendations for safe network use?"
- Previous message: JaredCain: "Basic Authentication Password Save Question"
- In reply to: Edward Elliott: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Next in thread: Anon E. Maus: "Re: TCHAR and buffer overflows"
- Reply: Anon E. Maus: "Re: TCHAR and buffer overflows"
- Reply: Edward Elliott: "Re: TCHAR and buffer overflows"
- Maybe reply: Alun Jones: "Re: TCHAR and buffer overflows"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 25 Aug 2002 22:57:12 +0000
From: David Hopwood <david.hopwood@zetnet.co.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Edward Elliott wrote:
> strcpy, strcat, sprintf, and scanf are also common offenders. Even
> strncpy, strncat, etc don't eliminate buffer overflows; they just make
> them harder. If you pass a length that's too long, you can get an overflow.
>
> MS had this problem in a lot of their programs. They would write code like
>
> WCHAR buf[256];
> strncpy(buf, src, sizeof(buf));
>
> The problem arises when WCHAR is defined as a Unicode character (the
> macro WCHAR was introduced to switch between ascii and unicode chars as
> needed).
I think you mean TCHAR (WCHAR always represents a UTF-16 code unit).
TCHAR is an abomination. For any program that needs to support Unicode,
decide on a specific UTF for the internal representation and use it
consistently. This is likely to require additional libraries for
platforms that have poor OS and/or C library support for Unicode, but
such libraries are available as open source (e.g. ICU).
> Since Unicode chars are two bytes long, and sizeof returns the
> size in bytes, sizeof(buf) is actually 512! The fix of course is to use
> sizeof(buf) / sizeof WCHAR, but the bug is very subtle. Even to most
> security people, the code looks fine at first.
It shouldn't look fine to either security people or i18n people.
strncpy treats the first zero byte in the source string as terminating
the string, so it simply doesn't work for copying UTF-16 strings. Anyway,
it will cause a compiler warning due to incompatible types.
Perhaps you meant to say "memcpy(buf, src, sizeof(buf));", but that works
correctly (assuming sizeof(src) >= sizeof(buf), and that src and buf don't
overlap) even for TCHAR.
IME, the skills required to write secure internationalised code are just
those required to write internationalised code, plus those required to
write secure code. As long as you're doing both correctly, there are no
hidden gotchas in the interaction between them.
- --
David Hopwood <david.hopwood@zetnet.co.uk>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBPWlf/jkCAxeYt5gVAQFEmwgAxs7zKDPqvnqXQzBAmmQ3E4n77RnxtHYV
MBWuiL0mRbE9xK8hP6cSsu3lUCukhsj3TZ2NefE9UKX3gASNsW0SXMQYU3YRKUwR
cVWAiwN4srmUddK8kVUsD2/ExrcOwNZdBdrYWc50ZIuK1Jbd0wldPCZPMXyXmUjF
NgpXaDrqQLiVig2hmess/ChLoYkDIoM/fNbqGKzcQ1gVltfA1VxtkLBg58vvCRWV
LSnMyFh30Udb4M1zXtL54CHBFQIWQk3OELrNWDCXa4cBw/+6/+EZOj5+rl4NpGwi
YM6fQDJGXWqYQs9FYJBr9M8iwft9a0D1+/ntD+pRDSHwAAsIcKgtVg==
=seQo
-----END PGP SIGNATURE-----
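The two points argued in the message above, the sizeof-in-bytes count passed to a length-bounded copy of a WCHAR buffer, and byte-oriented strncpy stopping at the first zero byte of a UTF-16 string, as an added, runnable C illustration. This is editor-supplied example code, not code from either poster. It assumes a typedef of WCHAR to uint16_t (so the Windows 2-byte layout is reproduced on Unix, where wchar_t is usually 4 bytes), a hand-rolled wncpy() standing in for wcsncpy(), and a constructed 512-element arena whose tail is filled with a canary value so the over-write of the 256-element "buf" can be measured without leaving mapped memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-in for the Win32 WCHAR (one UTF-16 code unit). wchar_t is
 * 4 bytes on most Unix libcs, so uint16_t is used to reproduce the Windows
 * layout. Everything here is an added illustration, not code from the
 * thread. */
typedef uint16_t WCHAR;

#define BUF_ELEMS 256          /* the "WCHAR buf[256]" from the quoted post */
#define CANARY    0xCAFEu      /* marker placed just past the end of buf */

/* Length in code units of a 0-terminated WCHAR string (wcslen analogue). */
size_t wlen(const WCHAR *s) {
    size_t n = 0;
    while (s[n] != 0) n++;
    return n;
}

/* Wide analogue of strncpy (assumed, not the CRT's wcsncpy): copies at most
 * n code units, zero-pads the remainder, and like strncpy does NOT terminate
 * the result when src has n or more units. */
WCHAR *wncpy(WCHAR *dst, const WCHAR *src, size_t n) {
    size_t i = 0;
    for (; i < n && src[i] != 0; i++) dst[i] = src[i];
    for (; i < n; i++) dst[i] = 0;
    return dst;
}

/* Hardened copy: capacity is given in ELEMENTS, never bytes, and the result
 * is always 0-terminated (truncating if needed). Returns 1 on truncation. */
int wcopy_bounded(WCHAR *dst, size_t dst_elems, const WCHAR *src) {
    size_t n = wlen(src);
    int truncated = n >= dst_elems;
    if (truncated) n = dst_elems - 1;
    memcpy(dst, src, n * sizeof(WCHAR));
    dst[n] = 0;
    return truncated;
}

/* Reproduces the quoted bug in a measurable way. `count` is what the caller
 * passes as the length: sizeof(buf) in the bug, sizeof(buf)/sizeof(buf[0])
 * in the fix. The 256-unit buf is the first half of a constructed 2x arena
 * whose second half holds CANARY, so the overrun stays inside mapped memory.
 * Returns how many canary units were clobbered (0 means no overflow). */
size_t clobbered_units(size_t count) {
    WCHAR arena[BUF_ELEMS * 2];
    WCHAR *buf = arena;                 /* plays the role of WCHAR buf[256] */
    WCHAR src[BUF_ELEMS * 2];           /* constructed oversized input */
    size_t arena_elems = sizeof(arena) / sizeof(arena[0]);
    size_t i, hits = 0;

    for (i = 0; i < arena_elems; i++) arena[i] = CANARY;
    for (i = 0; i < arena_elems - 1; i++) src[i] = (WCHAR)'A';
    src[arena_elems - 1] = 0;

    if (count > arena_elems) count = arena_elems;   /* keep the demo in bounds */
    wncpy(buf, src, count);

    for (i = BUF_ELEMS; i < arena_elems; i++)
        if (arena[i] != CANARY) hits++;
    return hits;
}

/* Hopwood's other point: byte-oriented strncpy stops at the first zero byte,
 * so on UTF-16 input it copies only the first ASCII character. Returns the
 * strlen() of what strncpy produced from the constructed UTF-16LE "AB". */
size_t strncpy_on_utf16(void) {
    /* constructed: UTF-16LE "AB" = 41 00 42 00, then the 00 00 terminator */
    const unsigned char utf16_ab[] = { 0x41, 0x00, 0x42, 0x00, 0x00, 0x00 };
    char out[8];
    strncpy(out, (const char *)utf16_ab, sizeof(out));
    return strlen(out);
}

int main(void) {
    WCHAR buf[BUF_ELEMS];
    printf("sizeof(buf) = %zu bytes, elements = %zu\n",
           sizeof(buf), sizeof(buf) / sizeof(buf[0]));
    printf("count = sizeof(buf):                 %zu canary units clobbered\n",
           clobbered_units(sizeof(buf)));
    printf("count = sizeof(buf)/sizeof(buf[0]):  %zu canary units clobbered\n",
           clobbered_units(sizeof(buf) / sizeof(buf[0])));
    printf("strncpy over UTF-16 \"AB\" gives strlen %zu\n", strncpy_on_utf16());
    return 0;
}
```

Note that the "fixed" count of 256 still leaves the copy unterminated when the source is 256 units or longer, which is the strncpy weakness Elliott alludes to; wcopy_bounded() is the shape of call that avoids both the unit/byte confusion and the missing terminator.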