Subject: Re: exploit with memcpy()
To: Frank van der Linden <fvdl@wasabisystems.com>
From: Ed Ravin <eravin@panix.com>
List: tech-security
Date: 07/02/2002 13:10:23
Frank van der Linden writes:
> 
> On Tue, Jul 02, 2002 at 08:10:31PM +0900, TAMURA Kent wrote:
> > [...] we
> > can protect from this kind of exploit by adding checks to
> > memcpy/memmove/bcopy like the following.

[...]
> There are a lot of ways in which library functions could fail
> when passed bad arguments, like NULL pointers. Checking for
> all wrong cases in library functions would cause considerable
> overhead. There'd be no end to the checks.

This sounds a bit extreme.  Don't we want library code to be
reliable and not to overwrite surprise areas of memory when
presented with bogus arguments?  As others have pointed out,
parameter checking happens once per call.  I doubt the overhead
would be so "considerable", and the improvements in reliability
and security would be well worth it.

> This has come up before. I am against this kind of 'defensive
> programming' in library functions. The callers should be
> fixed, not the function.

If the fixes are common to multiple callers, then shouldn't the
fixes be in the libraries?  Isn't that what libraries are for
in the first place?
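As an added illustration of the sort of argument check being argued over in this thread (this is not TAMURA Kent's patch, which is elided above, and not libc code from any BSD), here is a checked memcpy/memmove pair in C. The `dst_cap` parameter and the `cpy_status` return codes are assumptions for the example: a plain memcpy() has no way to know the size of its destination, so a wrapper that wants to catch overlong copies has to be told it. The checks are a handful of integer comparisons done once per call, which is the overhead the message above is talking about.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Status codes for the checked variants (assumed for this example). */
enum cpy_status { CPY_OK = 0, CPY_NULL_ARG, CPY_OVERLAP, CPY_TOO_LONG };

/* True when [src, src+n) and [dst, dst+n) share at least one byte.
 * Comparing through uintptr_t avoids relational comparison of pointers
 * into unrelated objects, which C leaves undefined. */
static int regions_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t sb = (uintptr_t)src, se = sb + n;
    uintptr_t db = (uintptr_t)dst, de = db + n;
    return sb < de && db < se;
}

/* Checked memcpy: refuses NULL pointers, copies longer than the stated
 * destination capacity, and overlapping regions (memcpy's behaviour on
 * overlap is undefined; memmove is the right call for that case).
 * A zero-length request is accepted without looking at the pointers. */
enum cpy_status checked_memcpy(void *dst, size_t dst_cap,
                               const void *src, size_t n)
{
    if (n == 0)
        return CPY_OK;
    if (dst == NULL || src == NULL)
        return CPY_NULL_ARG;
    if (n > dst_cap)
        return CPY_TOO_LONG;
    if (regions_overlap(dst, src, n))
        return CPY_OVERLAP;
    memcpy(dst, src, n);
    return CPY_OK;
}

/* Checked memmove: same NULL and length checks, but overlap is legal. */
enum cpy_status checked_memmove(void *dst, size_t dst_cap,
                                const void *src, size_t n)
{
    if (n == 0)
        return CPY_OK;
    if (dst == NULL || src == NULL)
        return CPY_NULL_ARG;
    if (n > dst_cap)
        return CPY_TOO_LONG;
    memmove(dst, src, n);
    return CPY_OK;
}

/* Constructed scratch buffer used by the demo below. */
char g_buf[8];

int main(void)
{
    enum cpy_status st;

    st = checked_memcpy(g_buf, sizeof g_buf, "hello", 6);
    printf("copy 6 into 8-byte buffer: %d\n", st);

    st = checked_memcpy(g_buf, sizeof g_buf, "far too long", 13);
    printf("copy 13 into 8-byte buffer: %d\n", st);

    st = checked_memcpy(g_buf + 1, sizeof g_buf - 1, g_buf, 4);
    printf("overlapping memcpy: %d\n", st);

    st = checked_memmove(g_buf + 1, sizeof g_buf - 1, g_buf, 4);
    printf("overlapping memmove: %d, buffer now \"%s\"\n", st, g_buf);
    return 0;
}
```

The overlap test treats adjacent regions (destination starting exactly at `src + n`) as non-overlapping, which is correct for memcpy. What a caller should do with a non-`CPY_OK` status is a separate design question; the point here is only that the function never touches memory outside the bounds it was told about.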