Difference between revisions of "Reliance on data layout"


Latest revision as of 12:28, 27 May 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/27/2009



Assumptions about protocol data or data stored in memory can be invalid, resulting in using data in ways that were unintended.


Access control (including confidentiality and integrity): Can result in unintended modifications or information leaks of data.

Exposure period

Design: This problem can arise when a protocol leaves room for interpretation and is implemented by multiple parties that need to interoperate.

Implementation: This problem can arise by not understanding the subtleties either of writing portable code or of changes between protocol versions.


Protocol errors of this nature can happen on any platform. Invalid memory layout assumptions are possible in languages and environments with a single, flat memory space, such as C/C++ and Assembly.

Required resources



Severity

Medium to High

Likelihood of exploit


When changing platforms or protocol versions, data may move in unintended ways. For example, some architectures may place local variables a and b right next to each other with a on top; some may place them next to each other with b on top; and others may add some padding between them. This padding ensures that each variable is aligned to the proper word size for that platform.

In protocol implementations, it is common to offset relative to another field to pick out a specific piece of data. Exceptional conditions - often involving new protocol versions - may add corner cases that lead to the data layout changing in an unusual way. The result can be that an implementation accesses a particular part of a packet, treating data of one type as data of another type.

Risk Factors


Examples

In C:

void example(void) {
  char a;
  char b;
  /* Assumes b is stored exactly one byte past a. The compiler makes no such
   * guarantee, so this write is undefined behaviour and may land anywhere. */
  *(&a + 1) = 0;
}

Here, b may not be one byte past a. It may be one byte in front of a. Or, they may have three bytes between them because they get aligned to 32-bit boundaries.
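The following program is an added illustration and is not part of the OWASP page. It covers both points made above: first it uses offsetof and sizeof to show that the compiler, not the programmer, decides where an adjacent field lands and how much padding sits between fields; then it contrasts a parser that copies a packet straight over a struct (relying on the struct's memory layout and host byte order) with one that reads each field from a documented wire offset, in a fixed byte order, after checking the buffer length. The 8-byte wire header, its field layout and the sample packet are all constructed for this example and do not describe any real protocol.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* --- Part 1: in-memory layout is an ABI decision, not a protocol one ----- */

/* Two adjacent fields. Most ABIs insert padding after 'a' so that 'b' is
 * naturally aligned, which means &a + 1 is NOT where b lives. */
struct pair {
    char     a;
    uint32_t b;
};

/* Where the compiler actually placed b, and how many padding bytes it added. */
size_t offset_of_b(void)     { return offsetof(struct pair, b); }
size_t padding_in_pair(void) { return sizeof(struct pair) - sizeof(char) - sizeof(uint32_t); }

/* --- Part 2: read protocol fields by documented wire offset -------------- */

/* Hypothetical wire header (constructed for this example, not a real protocol):
 *   byte 0    : version
 *   byte 1    : flags
 *   bytes 2-3 : payload length, big-endian
 *   bytes 4-7 : sequence number, big-endian
 * The wire format is exactly 8 bytes on every platform. */
#define WIRE_HEADER_LEN 8

struct header {
    uint8_t  version;
    uint8_t  flags;
    uint16_t length;
    uint32_t seq;
};

static uint16_t read_be16(const uint8_t *p) {
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}
static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Layout-dependent parser: copies raw bytes over the struct. It silently
 * assumes the struct has the wire layout (same field order, no padding) and
 * reads the multi-byte fields in host byte order, so on a little-endian host
 * length and seq come out byte-swapped. Kept only for contrast. */
int parse_header_by_layout(const uint8_t *buf, size_t len, struct header *out) {
    if (buf == NULL || out == NULL || len < sizeof *out) return -1;
    memcpy(out, buf, sizeof *out);
    return 0;
}

/* Layout-independent parser: every field comes from an explicit offset with
 * an explicit byte order, after the buffer length is checked. Returns 0 on
 * success, -1 for a short buffer or a declared payload longer than the data. */
int parse_header(const uint8_t *buf, size_t len, struct header *out) {
    if (buf == NULL || out == NULL || len < WIRE_HEADER_LEN) return -1;
    out->version = buf[0];
    out->flags   = buf[1];
    out->length  = read_be16(buf + 2);
    out->seq     = read_be32(buf + 4);
    /* Declared payload must fit in what was actually received. */
    if ((size_t)out->length > len - WIRE_HEADER_LEN) return -1;
    return 0;
}

int main(void) {
    /* Constructed sample packet: version 1, flags 0x80, length 3,
     * seq 0x01020304, followed by the 3 payload bytes "abc". */
    const uint8_t packet[] = {0x01, 0x80, 0x00, 0x03,
                              0x01, 0x02, 0x03, 0x04, 'a', 'b', 'c'};
    struct header h;

    printf("struct pair: b at offset %zu, %zu byte(s) of padding\n",
           offset_of_b(), padding_in_pair());

    if (parse_header(packet, sizeof packet, &h) == 0)
        printf("offset parser: version=%u length=%u seq=0x%08x\n",
               h.version, h.length, (unsigned)h.seq);

    if (parse_header_by_layout(packet, sizeof packet, &h) == 0)
        printf("layout parser: version=%u length=%u seq=0x%08x\n",
               h.version, h.length, (unsigned)h.seq);

    /* Truncated delivery: header claims 3 payload bytes but only 1 arrived. */
    printf("truncated packet accepted? %s\n",
           parse_header(packet, WIRE_HEADER_LEN + 1, &h) == 0 ? "yes" : "no");
    return 0;
}
```

The design point is that the offset-based parser has no opinion about how the compiler laid out struct header: it would behave identically if the struct were reordered, padded, or compiled for a different ABI, and it rejects a packet whose declared length exceeds the bytes actually received rather than reading past the buffer.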

Related Attacks

Related Vulnerabilities

Related Controls

  • Design and Implementation: In flat address space situations, never allow computing memory addresses as offsets from another memory address.
  • Design: Fully specify protocol layout unambiguously, providing a structured grammar (e.g., a compilable yacc grammar).
  • Testing: Test that the implementation properly handles each case in the protocol grammar.

Related Technical Impacts