Buffer
Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle.
http://sfsecurity.pr.erau.edu.
Language tools –
“Safe” buffers
•Example: C++ class objects that do bounds
checking like CString, or “limitless” strings like libmib
•Pros:
–Much safer than standard string handling in C
–Exceptions can be handled instead of a program halt
•Cons:
–Require the use of different library functions, meaning that existing code has to be modified or
interfaced with in a low-level way
–A “limitless” string has to continually be reallocated meaning a bigger heap and a
performance cost
–What if you don’t want the buffer to grow and accept a bigger input?