[Pvfs2-developers] Buffer overflows when using protocol decode
slang at mcs.anl.gov
Tue Jun 1 15:20:28 EDT 2010
Nope, no overflow checks in PVFS. We've seen segfaults on the server from buggy client code that has sent serialized data with encoded sizes that cause overflows.
If you were willing and motivated to modify the encoding implementation, I think you could change the encoding macros to take a pointer to a struct:
Instead of the char **pptr. current would allow you to keep track of where you are in the buffer as you're decoding. This would allow you to do the proper checks as you're decoding a message to ensure you don't decode past the end of the buffer. Might be a non-trivial change though.
On Jun 1, 2010, at 2:07 PM, Phil Carns wrote:
> Hi Nick,
> There isn't anything in the server to prevent the scenario that you described, as far as I know.
> On 06/01/2010 12:57 PM, Nicholas Mills wrote:
>> Hey all,
>> Is there any code in place to prevent buffer overflows when decoding server messages (requests and responses)? In particular I'm thinking of the variable-length types like string that are prefixed with their size. It seems to me that if the size is encoded incorrectly then there is nothing to prevent the server from attempting to read past the end of the request data.
>> Buffer overflows are a concern for me because I'm using the encode/decode functions to serialize some security data. I'd like the implementation to be as robust as possible; however, if the server code itself doesn't protect against buffer overflows then there's not much point to me adding it only to my code.
>> Pvfs2-developers mailing list
>> Pvfs2-developers at beowulf-underground.org
> Pvfs2-developers mailing list
> Pvfs2-developers at beowulf-underground.org
More information about the Pvfs2-developers