TCP/IP Socket

This is a discussion on TCP/IP Socket within the Linux Programming forums, part of the Platform Specific Boards category; I posted this on the c++ board and no one responded. So I'll move it here and hope for the ...

  1. #1
    Nor
    Nor is offline
    h ֆhr s Nor's Avatar
    Join Date
    Nov 2001
    Posts
    299

    TCP/IP Socket

    I posted this on the c++ board and no one responded.
    So I'll move it here and hope for the best.

    I'm in the final stages of development on a mail server. A have found a security exploit. When the mail box is accessed using its pop3 server there is a buffer which can be overloaded.

    How would I design a check for the buffer on the TCP/IP level?

    BTW. It is for a win9x/NT4/me/2k/xp.
    Try to help all less knowledgeable than yourself, within
    the limits provided by time, complexity and tolerance.
    - Nor

  2. #2
    B26354 Deckard's Avatar
    Join Date
    Jan 2002
    Posts
    633

    Re: TCP/IP Socket

    Originally posted by Nor
    When the mail box is accessed using its pop3 server there is a buffer which can be overloaded.
    How would I design a check for the buffer on the TCP/IP level?
    Just in case I missed it, here's how I interpret your message: you are aware of a buffer overflow vulnerability in an application, and you want to see if it can be exploited remotely.

    Since you didn't provide any details, I can only offer some generalized advice. Become familiar with what the buffer is for and under what cirumstances it is actually used. Then ask yourself if you have a means of providing the data that buffer is populated with.

    Perhaps you can hit the buffer directly: some portion of your POP3 message is copied directly to the buffer. You can overflow it and try to insert instructions or simply blow away enough of the app in memory that it crashes.

    Since you are using Windows, you probably won't get much more than generic 'buffer overflow' advice here on the Linux forum.

    Good luck.
    Jason Deckard

  3. #3
    Nor
    Nor is offline
    h ֆhr s Nor's Avatar
    Join Date
    Nov 2001
    Posts
    299
    I'm sorry. I do not wish to exploit it. This is for one of my projects and I need to find a way to fix it.
    Try to help all less knowledgeable than yourself, within
    the limits provided by time, complexity and tolerance.
    - Nor

  4. #4
    B26354 Deckard's Avatar
    Join Date
    Jan 2002
    Posts
    633
    Originally posted by Nor
    I need to find a way to fix it.
    Find a means of limiting the amount of data you place into a buffer, so that you never place more than the buffer can hold. If the buffer is a character array, consider using strncpy() instead of strcpy(). If you need more help, tell us what kind of data the buffer is meant to hold.
    Jason Deckard

  5. #5
    Nor
    Nor is offline
    h ֆhr s Nor's Avatar
    Join Date
    Nov 2001
    Posts
    299
    Thx.
    strcpy() is what i was using and I replaced it. The exploit is fixed.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. socket programming question, closing sockets...
    By ursula in forum Networking/Device Communication
    Replies: 2
    Last Post: 05-31-2009, 06:17 PM
  2. when to close a socket
    By Wisefool in forum Networking/Device Communication
    Replies: 5
    Last Post: 11-02-2003, 10:33 AM
  3. problem closing socket
    By Wisefool in forum Networking/Device Communication
    Replies: 2
    Last Post: 10-29-2003, 12:19 PM
  4. socket newbie, losing a few chars from server to client
    By registering in forum Linux Programming
    Replies: 2
    Last Post: 06-07-2003, 12:48 PM
  5. TCP/IP and Socket programming
    By CompiledMonkey in forum C Programming
    Replies: 2
    Last Post: 02-21-2003, 03:47 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21