Hi, my name is Bryan Childs. I work in the IBM Z Center for Secure Engineering, and I'm here today to talk about buffer overflow.
So what happens when an untrusted requester gives you a variable length field that is much larger than what you expect or can handle?
Well what happens really depends on whether there's going to be an input or an output, but either way it's bad.
I know we talked about PC and SVC routine implementation.
We talked about key protection, change of state... this has nothing to do with that per se,
because you could have everything in the appropriate key,
you can have everything else set up correctly, but if you don't have proper boundary checking on variable length input,
these are the types of things that can happen.
So if your requester is saying that this is your input
going into your service...
when you are copying this much storage, but you are only able to accommodate this much
you are going to overlay into this much of your storage with whatever this requester wants.
Now on the other hand let's say this is supposed to be going in the other direction.
You know, what if this is output and the variable length field associated with the parameters is saying
this is how much area I have for you to fill in, but as a service provider,
you've only intended this much storage
but you haven't checked that variable length boundary to make sure that you're really going to do what you expect to do -
well then, you're going to take this much storage,
let's say from your dynamic area, and potentially give all kinds of sensitive information to this requester, which this requester should not have.
So when you're talking about the difference between
strcpy and strncpy this is the kind of thing that is going to be occurring.
This is the challenge in the issue of a buffer overflow and from a function test perspective,
it's fundamental to do boundary checking. It is not just for the completion of, you know,
the functional nature of your services.
It is about security and system integrity.
Enterprise Knights of IBM Z - providing educational insights to the security and integrity of our platform.
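
The two directions described in the talk, as an added C example that is not part of the talk or of any IBM code: a service routine that checks the requester's length before copying input in, and copies out only what it actually produced. The names `dyn_area`, `svc_accept_input` and `svc_fill_output`, the buffer size and the sample data are all constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define WORK_MAX 16                /* constructed size of the service's work area */

struct dyn_area {                  /* constructed layout: secret sits next to the buffer */
    char work[WORK_MAX];
    char secret[8];
};

/* Input: the requester supplies in_len. Refuse anything larger than the
 * work area rather than overlaying the storage that follows it. */
int svc_accept_input(struct dyn_area *d, const void *in, size_t in_len)
{
    if (d == NULL || in == NULL || in_len > sizeof d->work)
        return -1;
    memcpy(d->work, in, in_len);
    return 0;
}

/* Output: the requester supplies out_cap. Copy only the bytes the service
 * actually produced (have), never out_cap bytes of its own storage.
 * Returns the number of bytes written, or -1 if the result does not fit. */
long svc_fill_output(void *out, size_t out_cap, const struct dyn_area *d, size_t have)
{
    if (out == NULL || d == NULL || have > sizeof d->work || have > out_cap)
        return -1;
    memcpy(out, d->work, have);
    return (long)have;
}

int main(void)
{
    struct dyn_area d = { "", "KEYDATA" };
    char big[32], out[64];
    memset(big, 'A', sizeof big);
    memset(out, 0, sizeof out);

    int rejected = svc_accept_input(&d, big, sizeof big);   /* longer than work[] */
    int accepted = svc_accept_input(&d, "hello", 5);        /* fits */
    long n = svc_fill_output(out, sizeof out, &d, 5);       /* caller offers 64 bytes */
    /* Exit 0 when the secret is intact and nothing past the result was copied out. */
    return !(rejected == -1 && accepted == 0 && n == 5 &&
             memcmp(d.secret, "KEYDATA", 8) == 0 && out[5] == 0);
}
```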
