[PATCH] draft: better string overflow checking (was: memory corruption in SAMBA_3_0)

Andrew Bartlett abartlet at samba.org
Wed Mar 5 10:57:29 GMT 2003


On Wed, 2003-03-05 at 16:11, Martin Pool wrote:
> I was thinking about Andrew's fstring-overflow patch from a few weeks
> ago: for developer builds, it touches the last byte of a string buffer
> to check that it's as long as it should be.  
> 
> This should be reasonably helpful in catching string overflows on the
> heap, but not so good on the stack, because the program can probably
> write arbitrarily far past stack variables without trapping, even
> under Valgrind.  Writing a \0 in there will damage *something* and
> probably make the program crash, but it won't be very obvious.  I
> think this might have been what Jerry saw the other day.
> 
> I think this patch is better: it thoroughly clobbers the contents of
> string buffers to make any fstring/pstring/dynamic confusion obvious.
> 
> Here is an example that is caught in developer builds with this patch,
> but is hard to catch otherwise:
> 
> #include "includes.h"
> 
> int main(void)
> {
> 	fstring dest;
> 
> 	pstrcpy(dest, "hello");
> 
> 	return 0;
> }
> 
> This fails with an obvious message under gdb:
> 
> #0  0xf1f1f1f1 in ?? ()
> Cannot access memory at address 0xf1f1f1f1
> 
> Please don't apply this yet because I want to see if it catches any
> bugs, but I'd love to hear comments.

This will (compared to other checks) slow things down, as we keep
filling out those pstrings, but I think it's a great idea - and will
catch bugs!

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
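
The following is an added example, not part of the original message and not Samba's own code: it shows why filling a destination out to its claimed size exposes an fstring/pstring mix-up that a plain bounded copy hides when the source string is short. The sizes (256-byte fstring, 1024-byte pstring), the function names and the simulated frame are assumptions for illustration; the fill byte 0xF1 is taken from the gdb output quoted above.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes: fstring 256 bytes, pstring 1024 bytes. */
#define FSTRING_LEN  256
#define PSTRING_LEN  1024
#define CLOBBER_BYTE 0xF1  /* matches the 0xf1f1f1f1 pattern in the gdb output */
#define CANARY       0xAA  /* constructed marker for "memory after the buffer" */

/* Plain bounded copy: writes only strlen(src)+1 bytes, so a wrong
 * claimed_len goes unnoticed whenever src happens to be short. */
static void copy_plain(char *dest, const char *src, size_t claimed_len)
{
    size_t n = strlen(src);
    if (n >= claimed_len)
        n = claimed_len - 1;
    memcpy(dest, src, n);
    dest[n] = '\0';
}

/* Developer-build style copy: fill the whole claimed size first, so a
 * claimed_len larger than the real buffer always writes past its end. */
static void copy_clobber(char *dest, const char *src, size_t claimed_len)
{
    memset(dest, CLOBBER_BYTE, claimed_len);
    copy_plain(dest, src, claimed_len);
}

/* Simulated frame: an fstring-sized buffer followed by marker bytes that
 * stand in for whatever sits after it. One backing array is used so the
 * demonstration itself stays in bounds. Returns the damaged byte count. */
static size_t damaged_after_copy(void (*copy)(char *, const char *, size_t),
                                 size_t claimed_len)
{
    unsigned char frame[FSTRING_LEN + PSTRING_LEN];
    size_t i, damaged = 0;

    memset(frame, CANARY, sizeof frame);
    copy((char *)frame, "hello", claimed_len);
    for (i = FSTRING_LEN; i < sizeof frame; i++)
        if (frame[i] != CANARY)
            damaged++;
    return damaged;
}

int main(void)
{
    printf("plain,   pstring size: %zu\n", damaged_after_copy(copy_plain, PSTRING_LEN));
    printf("clobber, pstring size: %zu\n", damaged_after_copy(copy_clobber, PSTRING_LEN));
    printf("clobber, fstring size: %zu\n", damaged_after_copy(copy_clobber, FSTRING_LEN));
    return 0;
}
```

With the plain copy the wrong size leaves the neighbouring bytes untouched, so the mistake is invisible; with the clobbering copy every byte between the real and the claimed size is overwritten.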