Re: IP Level Encryption
From: Michael Brown (see_at_signature.below)
Date: 12/14/03
Date: Sun, 14 Dec 2003 22:17:14 +1300

Tom St Denis wrote:
> "Henrick Hellström" <henrick.hellstrm@telia.com> wrote in message
> news:DTECb.38035$mU6.136034@newsb.telia.net...
>> Robert Wessel wrote:
>>> struct abc {char c[8]; int (*func)(int);};
>>> ...
>>> struct abc *pabc;
>>> pabc = malloc(sizeof(struct abc));
>>> pabc->func = somefunction;
>>> ...
>>> strcpy(pabc->c, "abcdefgh\x12\x34\x56\x78");
>>> (pabc->func)(1); /* now calls address 0x12345678 or 0x78563412 */
>>
>> Well, wasn't my point that you should avoid C and use Delphi
>> instead? <vbg>
>
> I don't see Delphi as being particularly invulnerable to this attack
> unless you do runtime range checking [re: slow down application]

I don't think run-time range-checking slows down an application that much if
used sensibly. To check to see whether something is within range only
requires about 10 cycles (MOV, CMP, JGE). By "sensibly" I mean that if
you're going to copy a whole lot of somethings, or process a whole lot of
somethings, do a range-check before processing to make sure all arguments
are within range, rather than checking for each access. The thing about
Delphi (actually Pascal in general) is that it makes range checking easier
than in C with its string type and dynamic arrays. I've written several
decent-sized network apps where I can virtually prove that buffer overruns
are impossible (assuming the underlying compiler/OS libraries are safe of
course, the latter of which is certainly not a given from history ...). This
is a lot harder to do in straight C, though with some of the STL classes,
it's a lot more doable in C++ as you can effectively do typed dynamic arrays
in there.

In Delphi, as long as you use Length() and friends in moderation, the
performance hit is very small. With Java (I'm not sure about C#, though I
would expect it to be the same) every array access is range-checked. This
incurs a fairly large performance hit, even more so because of the
abstraction of data types in these languages. I think there'd probably be a
bigger performance hit from having a poorer compiler (Delphi is good, but
not up there with the Intel C compiler) than using dynamic arrays in Delphi.

>> This is the most conventional way to do it in Delphi:
>>
>> type
>>   // Declare TFunc with Register calling convention
>>   // Value is passed as EAX and the result is passed as EAX
>>   TFunc = function (Value: Integer): Integer; register;
>>
>>   TAbc = class
>>   private
>>     // The string type is a 32 bit pointer to a reference counted
>>     // array of char
>>     FC: string;
>>     FFunc: TFunc;
>
> This is immediately different. Your "string" can grow. An
> appropriate example would have an array of N chars that was fixed
> [e.g. doesn't grow].

Of course. But it comes down to how programs are "normally" written in the
language. Judging by a lot of code out there, fixed-length arrays are common
in the C/C++ world. In the Delphi/Pascal world, fixed-length arrays or
strings (as in an array of chars, not the string type) are quite rare unless
you're writing code to load fixed-size records out of a file or something.
Heck, most "newbie" Delphi/Pascal programmers don't even know about the
PChar ("char *" in C) type, except that it's something you've got to
typecast to if you want to talk to Win32 functions.

--
Michael Brown
www.emboss.co.nz : OOS/RSI software and more :)
Add michael@ to emboss.co.nz - My inbox is always open
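
Added example, not part of the original message or any poster's code: the struct from the quoted C snippet with a setter that does one range check before the whole copy, as the reply describes, so the adjacent function pointer is never reached. The names `abc_set_c`, `spill_past_c`, `demo`, `C_LEN` and the body of `somefunction` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { C_LEN = 8 };

/* Same layout as the quoted snippet: fixed buffer, then a function pointer. */
struct abc { char c[C_LEN]; int (*func)(int); };

/* Stand-in for the thread's somefunction; the body is an assumption. */
static int somefunction(int x) { return x + 1; }

/* Bytes an unchecked strcpy(p->c, src) would write past c[], terminator
 * included; 0 means src fits. Nothing is copied here. */
size_t spill_past_c(const char *src)
{
    size_t need = strlen(src) + 1;
    return need > C_LEN ? need - C_LEN : 0;
}

/* One range check before the whole copy, not one per byte.
 * Returns 0 on success, -1 if src plus terminator does not fit (*p untouched). */
int abc_set_c(struct abc *p, const char *src)
{
    size_t need = strlen(src) + 1;
    if (need > sizeof p->c)
        return -1;
    memcpy(p->c, src, need);
    return 0;
}

/* Runs the thread's input through the checked setter. Returns 1 when the
 * oversized string is rejected and func still points at somefunction. */
int demo(void)
{
    struct abc *pabc = malloc(sizeof *pabc);
    if (!pabc) return 0;
    pabc->func = somefunction;
    int ok = abc_set_c(pabc, "abcdefg") == 0               /* 7 chars + NUL fit */
          && abc_set_c(pabc, "abcdefgh\x12\x34\x56\x78") == -1
          && pabc->func == somefunction
          && pabc->func(1) == 2;
    free(pabc);
    return ok;
}

int main(void)
{
    printf("func starts at offset %zu\n", offsetof(struct abc, func));
    printf("bytes past c[]: %zu\n", spill_past_c("abcdefgh\x12\x34\x56\x78"));
    printf("checked setter held: %d\n", demo());
    return 0;
}
```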