Use of sizeof() on a pointer type

From OWASP
Revision as of 10:35, 29 May 2009 by Deleted user


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



Last revision (mm/dd/yy): 05/29/2009


Description

Running sizeof() on a pointer to malloc'ed memory always returns the size of the pointer itself (wordsize/8), not the size of the buffer it points to.

Consequences

Authorization: This error often causes a buffer to be allocated that is much smaller than needed, which can in turn lead to other problems such as a buffer overflow.

Exposure period

Implementation: This is entirely an implementation flaw.

Platform

  • Languages: C or C++
  • Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

High

One can in fact use the sizeof() of a pointer as useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer)


Risk Factors

TBD

Examples

In C/C++:

#include <stdio.h>

int main(){
  void *foo;
  /* sizeof(foo) measures the pointer itself, not any buffer it points to */
  printf("%zu\n", sizeof(foo)); // this will print wordsize/8
  return 0;
}
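
The undersized allocation described under Consequences, shown next to the corrected sizing. This is an added example, not part of the original OWASP page; struct record and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type, used only for this example. */
struct record { char name[64]; unsigned int id; };

/* Flawed sizing: sizeof(r) is the size of the pointer (wordsize/8). */
size_t flawed_alloc_size(void) {
    struct record *r = NULL;
    return sizeof(r);
}

/* Corrected sizing: sizeof *r is the size of the object pointed to.
 * sizeof does not evaluate its operand, so r being NULL is harmless. */
size_t correct_alloc_size(void) {
    struct record *r = NULL;
    return sizeof *r;
}

/* Bytes a full-record copy would write past the undersized buffer. */
size_t overflow_bytes(void) {
    return correct_alloc_size() - flawed_alloc_size();
}

/* Safe clone: allocation and copy are both sized from the object. */
struct record *clone_record(const struct record *src) {
    struct record *dst = malloc(sizeof *dst);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, sizeof *dst);
    return dst;
}

/* Returns 1 if a constructed sample record survives a clone intact. */
int clone_roundtrip_ok(void) {
    struct record sample = { "constructed-sample", 7 };
    struct record *copy = clone_record(&sample);
    int ok = copy != NULL && copy->id == 7 &&
             strcmp(copy->name, sample.name) == 0;
    free(copy);
    return ok;
}

int main(void) {
    printf("flawed=%zu correct=%zu overflow=%zu clone_ok=%d\n",
           flawed_alloc_size(), correct_alloc_size(),
           overflow_bytes(), clone_roundtrip_ok());
    return 0;
}
```

Writing the size as sizeof *dst ties it to the variable's type, so the allocation stays correct if the type of dst later changes.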


Related Attacks


Related Vulnerabilities


Related Controls

  • Implementation: Do not run sizeof() on a pointer type unless one is trying to leverage it to gain some platform independence, or one is mallocing a variable on the stack.

Related Technical Impacts


References

TBD