lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <200609230118.k8N1ImKh016267@faron.mitre.org>
Date: Fri, 22 Sep 2006 21:18:48 -0400 (EDT)
From: "Steven M. Christey" <coley@...re.org>
To: bugtraq@...urityfocus.com
Subject: "Buffer overflow" term considered overloaded


In "Re: IE ActiveX 0day?" to Bugtraq on September 18, Alexander
Sotirov asked:

>What is your definition of memory corruption? How can a buffer
>overflow not be a memory corruption error?

The term "buffer overflow" continues to be too general for the variety
of issues out there.  Array index/offset errors, buffer "underflows,"
out-of-bounds reads, frees of invalid pointers, length field
inconsistencies, off-by-ones, insufficient memory allocation that is
resultant from integer overflows, other kinds of incorrect size
calculations, and other problems all involve memory access outside of
expected boundaries, so they are called "buffer overflows."  But they
are different than the "classic" overflows that strcpy() is known for.
And the term is interchangeably used for attacks, results/impacts, and
programming bugs.

Terminology has not evolved to cope with all the variety, so "memory
corruption" is acting as a placeholder in some cases.

I have some preliminary thoughts on how to do more precise
classification, but they're not ready for prime time, so people can
contact me privately if they're interested.

- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ