DragonFly kernel List (threaded) for 2003-08
Re: Buffer overflow?
Seriously, though, the C lib has new functions, e.g. snprintf(), and
the only way to avoid most buffer overflow problems is to use these
bounded functions and never, ever use the unbounded functions, even
if you *know* a particular use will not overflow a buffer.
The second type of buffer overflow is an array index overflow, where
an array index is incorrectly calculated or incorrectly bounded. For
example, consider the age-old misuse of malloc() where beginning
programmers would do something like: str2 = malloc(strlen(str1)),
which doesn't account for the \0 terminating the string, or programmers
who check the high side but forget that they are using a signed index
variable which could very well be negative.
If just these two problem areas were cleaned up 99% of all buffer
overflow issues would disappear.
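The two problem areas above, written out as an added example (this is not code from the list post or from the DragonFly tree; the function names are this example's own): an unbounded copy replaced by a bounded one that reports truncation, the malloc(strlen(str1)) off-by-one sized correctly, and an index check that covers the low side of a signed index as well as the high side.

```c
/*
 * Added example, not code from the list post.  Each function is the
 * bounded form of one of the mistakes described above, with the
 * mistaken form noted in the comment.  Names are this example's own.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Class 1: unbounded copy.  strcpy()/sprintf() write until they reach the
 * source's '\0' regardless of the destination size.  The bounded form
 * passes the destination size and uses snprintf()'s return value (the
 * length the full output would have had) to detect truncation instead of
 * overrunning.  Returns 0 if everything fit, -1 if truncated; dst is
 * '\0'-terminated either way. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    int n;

    if (dstsz == 0)
        return -1;
    n = snprintf(dst, dstsz, "%s", src);
    if (n < 0 || (size_t)n >= dstsz)
        return -1;
    return 0;
}

/* Class 2a: off-by-one sizing.  The classic mistake is
 *     str2 = malloc(strlen(str1));
 * which leaves no room for the terminating '\0', so the copy that follows
 * writes one byte past the allocation.  Size it as strlen() + 1 and bound
 * the copy by that same length.  Caller frees the result. */
char *dup_bounded(const char *str1)
{
    size_t len = strlen(str1);
    char *str2 = malloc(len + 1);      /* +1 for the '\0' */

    if (str2 == NULL)
        return NULL;
    memcpy(str2, str1, len + 1);       /* copies the terminator too */
    return str2;
}

/* Class 2b: signed index checked only on the high side.  "idx < n" alone
 * is true for every negative idx, so table[idx] would read or write before
 * the array.  Check both sides before touching memory.  Returns 0 and
 * stores the element, or -1 for an out-of-range index. */
int lookup_checked(const int *table, size_t n, long idx, int *out)
{
    if (idx < 0 || (size_t)idx >= n)   /* low side AND high side */
        return -1;
    *out = table[idx];
    return 0;
}

int main(void)
{
    char small[8];                              /* constructed: too small for "hello world" */
    const int table[4] = { 10, 20, 30, 40 };    /* constructed sample table */
    int v = 0;
    char *copy;

    printf("copy_bounded(\"hello world\") -> %d, dst=\"%s\"\n",
           copy_bounded(small, sizeof small, "hello world"), small);

    copy = dup_bounded("DragonFly");
    if (copy != NULL) {
        printf("dup_bounded -> \"%s\"\n", copy);
        free(copy);
    }

    printf("lookup idx -1 -> %d\n", lookup_checked(table, 4, -1, &v));
    printf("lookup idx 4  -> %d\n", lookup_checked(table, 4, 4, &v));
    printf("lookup idx 2  -> %d (v=%d)\n", lookup_checked(table, 4, 2, &v), v);
    return 0;
}
```

The point of copy_bounded() is that truncation becomes a return value the caller has to look at, rather than a silent overrun; a caller that ignores a -1 still has a bug, but it is a logic bug confined to that buffer, not a memory-corruption bug.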
Have you given any thought to pulling in the changes that OpenBSD made
to harden against buffer overflows (i.e. canary checking)? They've
added some pretty serious mechanisms to make it harder to exploit buffer
overflows (and turned them on by default).
I've been surprised that none of the other BSDs have pulled in this code.