Subject: Re: exploit with memcpy()
To: TAMURA Kent <firstname.lastname@example.org>
From: Frank van der Linden <email@example.com>
Date: 07/02/2002 16:03:09
On Tue, Jul 02, 2002 at 08:10:31PM +0900, TAMURA Kent wrote:
> The code executes /bin/sh and this is a method used in Apache
> exploit. It doesn't mean memcpy() is vulnerable. However, we
> can protect from this kind of exploit by adding checks to
> memcpy/memmove/bcopy like the following. May I commit it?
> (Unfortunately I can't write assembly code for non-i386)
This has come up before. I am against this kind of 'defensive
programming' in library functions. The callers should be
fixed, not the function.
There are a lot of ways in which library functions could fail
when passed bad arguments, like NULL pointers. Checking for
all wrong cases in librbary functions would cause considerable
overhead. There'd be no end to the checks.
So this should not be done, certainly not by default. You
could do it in the style of DIAGASSERT in the rest of
the C library, and make it optional.