Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Re: Java integer overflows (was: a really long top

from [michaelslists] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic)
Date: Wed, 29 Mar 2006 14:57:00 +1100 
Obviously there is other issues around not sanitising the data
yourself, but in the context of the reply - i.e. buffer overflows for
arbitrary code exec - java is fully protected.

any access to an array is checked by the vm.

-- Michael


On 3/29/06, Eliah Kagan <degeneracypressure@gmail.com> wrote:

On 3/29/06, Andrew van der Stock wrote:

This is not quite true.

Java does not prevent integer overflows (it will not throw an
exception). So you still have to be careful about array indexes.


On 3/28/06, michaelslists@gmail.com replied:

No you dont.

Arrays are all bounds checked; ..., that is, the following code will
throw an exception:

================================
class Foo {
  static {
    int[] m = new int[2];
    System.out.println(m[34]);
  }
}
================================


What do you mean by "overflow"? Do you mean this?

================================
class Foo {
  static {
    int m = Integer.MAX_VALUE;
    int k = Integer.MAX_VALUE + Integer.MAX_VALUE;
    System.out.println(m);
    System.out.println(k);
    System.exit(0);
  }
}
================================

if so, I don't see how that is an issue.

-- Michael


That is an issue in a limited way--if you are trying to access a
record with a high enough number (say by adding a number to a previous
array index), you might end up accessing a record with a low number,
which could potentially compromise the security of an application if
certain assumptions are made. But this would only be within the same
array that is already being accessed. The risk is minimal compared to
the risks of accessing past the end of an array in, say, C.

Even with bounds checking, there is no general way for a programming
language to stop the programmer from writing a program that accesses
the wrong piece of data in within a data structure, causing a security
problem. Java was never designed to solve this sort of problem. Java
does abstract data access so that many common bugs like buffer
overflows are prevented, which is very useful.

-Eliah



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic), Eliah Kagan
Next by Date:  Re: 4 Questions: Latest IE vulnerability,Firefox vs IE security, Uservs Admin risk profile, and browsers coded in100% Managed Verifiable code, Jeff Williams
Previous by Thread:  Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic), Eliah Kagan
Next by Thread:  Re: [Full-disclosure] Re: Java integer overflows (was: a really longtopic), michaelslists
Indexes:  [Date] [Thread] [Top] [All Lists]