buffer overflow

Hey all, I'm just a newbie and was wanting to know all about this buffer overflow problems that these big companies seem to be having trouble with.

Microsoft had some critical flaw in their plug & play component - this had something to do with buffer overflow.

AOL had some critical flaw in their Instant Messenger - and this was also some buffer overflow problem.

I read some stuff about it, cos I really had no idea, and read that it's overflowing the buffer with malicious data and it is this overflowed data that contains the code that could potentially destroy the users PC.

Anyways, I was just wondering, firstly, is this right at all or is it just total BS and secondly, if it's such a critical security issue, why can't these BIG companies get it right??

Greg

Buffer overflows result when a variable, field, or otherwise "section" of information goes over it's "allowed" limit. A good example of this would be int overflows, where int allows from -32768 to 32768. If you went below or above that range, it would overflow it's allowed limit, allowing arbitrary code or whatnot to be run.

Consider the example:

#include <stdio.h>

int main() {
printf("%d", 10000000000000000000000);
}

On the machine I'm on, which is an PA-RISC HP 9000 L2000, the c compiler (cc) sees that the number going into the %d (integer) goes way over the limitation for an integer and gives me the following error when I try to compile it with (cc a.c -o foo):

(Bundled) cc: "a.c", line 10: warning 602: Integer constant exceeds its storage.

This is a very simple example of a "buffer overflow". The compiler's smart enough now to know what can be overflowed so it prevents simple things. Buffer overflows are the easiest to exploit and are everywhere in code that's sloppily done or unchecked. This is a lesson to check your code! Once again, it's a simple example and don't trust just the compiler to verify everything in your code. It all depends on the code, how it was written, the compiler used, etc etc..

Quote:

---

Anyways, I was just wondering, firstly, is this right at all or is it just total BS and secondly, if it's such a critical security issue, why can't these BIG companies get it right??

---

Because they have 50 developers all working somewhat independent of each other and programmers are a very picky bunch.."MY code is right and YOURS is thrown together!"...Add that in with deadlines and you get code that could've been done. Management wants to meet a deadline and "we must get this done" followed by "we can fix that in the next patch".