[15937] in bugtraq
Re: StackGuard with ... Re: [Paper] Format bugs.
daemon@ATHENA.MIT.EDU (Gerardo Richarte)
Mon Jul 24 20:37:52 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <397C8219.96E9F04C@core-sdi.com>
Date:         Mon, 24 Jul 2000 14:51:43 -0300
Reply-To: Gerardo Richarte <core.lists.bugtraq@CORE-SDI.COM>
From: Gerardo Richarte <core.lists.bugtraq@CORE-SDI.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

"Greg A. Woods" wrote:
> It's not possible to do bounds checking without: a) changing the
> function calling interface so that the number of parameters, as
> well as the type of each parameter, can be passed to the function;

	You don't need the number of arguments nor their types, you
only need how much space they take from the stack (the same number
that is subtracted from stack pointer after returning from a call).

	It's true that something must be changed, but I don't think
it to be too deep. Isn't there already a special treatment for
<stdarg.h>'s functions? All that needs to be added is pushing the
number of bytes args are taking from stack as first argument, and
then add some [C] code in <stdarg.h>'s functions. Am I wrong?

	In short: you don't need to know anything about types, and I'm
pretty sure that, if you are not trying to do strange things, it'll
not break any functionality.

	richie
--
A390 1BBA 2C58 D679 5A71 - 86F9 404F 4B53 3944 C2D0
Investigacion y Desarrollo - CoreLabs - Core SDI
http://www.core-sdi.com
--- For a personal reply use gera@core-sdi.com
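
The byte-count check proposed in the message above, as an added example that is not part of the original post or of any compiler's <stdarg.h>. It assumes the pushed arguments can be modelled as a byte buffer, since the real scheme needs compiler support; `checked_va_list`, `checked_va_start`, `checked_va_arg` and `count_ints` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Model of the argument area: raw bytes plus the byte count the caller
   would push as a hidden first argument (all names are hypothetical). */
typedef struct {
    const unsigned char *base;  /* start of the pushed arguments */
    size_t total;               /* bytes the caller actually pushed */
    size_t used;                /* bytes consumed so far */
} checked_va_list;

static void checked_va_start(checked_va_list *ap, const void *args, size_t nbytes) {
    ap->base = args; ap->total = nbytes; ap->used = 0;
}

/* Copy the next `size` bytes into out. Returns 0 on success, -1 if the
   request would read past what the caller pushed. Only sizes are used. */
static int checked_va_arg(checked_va_list *ap, void *out, size_t size) {
    if (size > ap->total - ap->used)
        return -1;
    memcpy(out, ap->base + ap->used, size);
    ap->used += size;
    return 0;
}

/* Toy formatter: counts the %d conversions it can satisfy and returns -1
   as soon as the format asks for more argument bytes than were supplied. */
int count_ints(const char *fmt, const void *args, size_t nbytes) {
    checked_va_list ap;
    int n = 0, v;
    checked_va_start(&ap, args, nbytes);
    for (; *fmt; fmt++) {
        if (fmt[0] == '%' && fmt[1] == 'd') {
            if (checked_va_arg(&ap, &v, sizeof v) != 0)
                return -1;  /* format wants more than the caller pushed */
            n++; fmt++;
        }
    }
    return n;
}

/* Constructed sample: the "caller" pushes two ints in both cases. */
int demo_ok(void)  { int a[2] = {1, 2}; return count_ints("%d %d", a, sizeof a); }
int demo_bad(void) { int a[2] = {1, 2}; return count_ints("%d %d %d %d", a, sizeof a); }

int main(void) { return (demo_ok() == 2 && demo_bad() == -1) ? 0 : 1; }
```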