Difference between revisions of "Use of sizeof() on a pointer type"

From OWASP
(Reverting to last version not containing links to s1.shard.jp)
 
(2 intermediate revisions by 2 users not shown)

Latest revision as of 07:49, 3 June 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



Last revision (mm/dd/yy): 06/3/2009


Description

Running sizeof() on a pointer to malloced memory will always return the size of the pointer itself, wordsize/8, not the size of the buffer it points to.

Consequences

Authorization: This error can often cause a buffer to be allocated that is much smaller than what is needed, which in turn can cause other problems such as a buffer overflow.

Exposure period

Implementation: This is entirely an implementation flaw.

Platform

  • Languages: C or C++
  • Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

High

One can in fact use the sizeof() of a pointer as useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer)


Risk Factors

TBD

Examples

In C/C++:

#include <stdio.h>

int main(void) {
  void *foo;
  /* sizeof(foo) is the size of the pointer itself, not of anything it points to */
  printf("%zu\n", sizeof(foo)); // this will print wordsize/8
  return 0;
}
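The undersized allocation described under Consequences, shown next to the corrected idiom. This is an added example, not part of the original OWASP page; struct record and the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type, used only for this example. */
struct record {
    char name[64];
    unsigned int id;
    double balance;
};

/* Flawed size: r is a pointer, so sizeof(r) is wordsize/8 bytes. */
size_t flawed_alloc_size(void) {
    struct record *r = NULL;
    return sizeof(r);
}

/* Correct size: sizeof(*r) is the size of the object r points to.
 * sizeof does not evaluate its operand, so r is never dereferenced. */
size_t correct_alloc_size(void) {
    struct record *r = NULL;
    return sizeof(*r);
}

/* Allocation with the correct idiom. malloc(sizeof(r)) here would reserve
 * only wordsize/8 bytes and the writes below would overflow the heap buffer. */
struct record *new_record(const char *name, unsigned int id) {
    struct record *r = malloc(sizeof(*r));
    if (r == NULL)
        return NULL;
    memset(r, 0, sizeof(*r));
    /* name is an array member, so sizeof(r->name) is 64, not a pointer size. */
    snprintf(r->name, sizeof(r->name), "%s", name);
    r->id = id;
    return r;
}

int main(void) {
    struct record *r = new_record("constructed-sample", 7);
    printf("sizeof(pointer) = %zu, sizeof(struct record) = %zu\n",
           flawed_alloc_size(), correct_alloc_size());
    if (r != NULL)
        printf("record %u: %s\n", r->id, r->name);
    free(r);
    return 0;
}
```

Writing the size as sizeof(*r) keeps the allocation correct even if the type of r is later changed.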


Related Attacks


Related Vulnerabilities


Related Controls

  • Implementation: Do not run sizeof() on a pointer type unless one is trying to leverage it to gain some platform independence or is mallocing a variable on the stack.

Related Technical Impacts


References

TBD