Difference between revisions of "Use of sizeof() on a pointer type"

From OWASP
(Reverting to last version not containing links to s1.shard.jp)
 

Latest revision as of 07:49, 3 June 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



Last revision (mm/dd/yy): 06/3/2009


Description

Running sizeof() on a pointer to malloced memory always returns the size of the pointer itself, wordsize/8, not the size of the buffer it points to.

Consequences

Authorization: This error often causes one to allocate a buffer much smaller than what is needed, which can in turn lead to other problems such as a buffer overflow.

Exposure period

Implementation: This is entirely an implementation flaw.

Platform

  • Languages: C or C++
  • Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

High

One can in fact use the sizeof() of a pointer as useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer)


Risk Factors

TBD

Examples

In C/C++:

#include <stdio.h>

int main(void){
  void *foo;
  /* sizeof yields a size_t, so it is printed with %zu */
  printf("%zu\n",sizeof(foo)); //this prints wordsize/8, the pointer size in bytes
  return 0;
}
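
The allocation mistake described under Consequences, next to a corrected form. This is an added example, not code from the original page; `struct record`, `record_new` and `copy_name` are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record type, used only for this illustration. */
struct record {
    char name[64];
    unsigned id;
};

/* Flawed: sizeof(r) measures the pointer (wordsize/8 bytes), not the struct. */
size_t flawed_alloc_size(void) {
    struct record *r = NULL;
    return sizeof(r);
}

/* Corrected: sizeof(*r) measures the pointed-to type; sizeof does not
 * evaluate its operand, so the NULL pointer is never dereferenced. */
size_t correct_alloc_size(void) {
    struct record *r = NULL;
    return sizeof(*r);
}

/* Bounded copy: the caller passes the destination capacity explicitly,
 * because sizeof(dst) inside this function would again be the pointer size. */
int copy_name(char *dst, size_t dst_cap, const char *src) {
    size_t n = strlen(src);
    if (n >= dst_cap) return -1;      /* would not fit with its terminator */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Allocates a full record and rejects names that exceed the name field. */
struct record *record_new(const char *name, unsigned id) {
    struct record *r = malloc(sizeof(*r));
    if (r == NULL) return NULL;
    /* r->name is an array member, so sizeof(r->name) is its full 64 bytes */
    if (copy_name(r->name, sizeof(r->name), name) != 0) { free(r); return NULL; }
    r->id = id;
    return r;
}

int main(void) {
    printf("flawed: %zu, needed: %zu\n", flawed_alloc_size(), correct_alloc_size());
    struct record *r = record_new("alice", 7);   /* constructed sample input */
    if (r != NULL) printf("%s %u\n", r->name, r->id);
    free(r);
    return 0;
}
```
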


Related Attacks


Related Vulnerabilities


Related Controls

  • Implementation: This should not be done unless one is trying to leverage sizeof() on a pointer type to gain some platform independence, or one is mallocing a variable on the stack.

Related Technical Impacts


References

TBD