Network Security: Detailed info on Re: Clarifying integer overflows vs. signedness errors

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Re: Clarifying integer overflows vs. signedness errors

from [Pavel Kankovsky] Network Security

[Permanent Link]

Subject:	Re: Clarifying integer overflows vs. signedness errors
Date:	Sat, 25 Nov 2006 19:02:16 +0100 (CET)

On Tue, 21 Nov 2006, Steven M. Christey wrote:

I think of an integer overflow as being: "some computation (addition,
multiplication) would produce an integer value that is too large to be
stored in the actual memory location, so the integer wraps to some
other value."  (let's leave integer "underflow" out of this for the
moment).


The passing of a signed variable called "len" to an unsigned parameter of
copyout() is a (trivial) computation producing a value that does not fit
into the target type. Negative values "wrap around" and monotonicity
(length <= buffer size) is not preserved.

IMHO these two classes of problems grow from one common root.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Clarifying integer overflows vs. signedness errors, Steven M. Christey Re: Clarifying integer overflows vs. signedness errors, Thiago Zaninotti Re: Clarifying integer overflows vs. signedness errors, Pavel Kankovsky <=

Previous by Date:	Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Steve Friedl
Next by Date:	Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Thor (Hammer of God)
Previous by Thread:	Re: Clarifying integer overflows vs. signedness errors, Thiago Zaninotti
Next by Thread:	Vulnerability in PostNuke, sni-labs
Indexes:	[Date] [Thread] [Top] [All Lists]