
Sheth Raxit 09-17-2007 09:27 AM

Buffer Overflow Tool <May be OT>
 
Is there any open-source/free tool to detect all possible overflows in
the code?

Situation:
Recently I came across some old code <written by some careless
programmer, not having a 'useful' document>.

What I am doing <for the last few days>:

1. Analyzing code flow using cflow and cscope.
2. Removing all possible warnings <by gcc's Wall option>.
3. Found some crashes in dynamic memory stuff <trying to fix/catch more
using Valgrind; I am on Linux>; a few crashes fixed using gdb.
4. I suspect there are a few <or say more> array-overrun kinds of things
in the code. The code is in C only. Is there any way to detect possible
array/buffer overflows? <any tool/library/compiler options etc.>

<Please note: some of my friends have told me to use Java; it is not
possible at this stage.>

It would be great if you can provide any realistic/practical suggestions
<except reviewing the whole code carefully and detecting manually>.

-Raxit


Ben Bacarisse 09-17-2007 03:13 PM

Re: Buffer Overflow Tool <May be OT>
 
Sheth Raxit <raxitsheth2000@gmail.com> writes:

> Is there any Opensource/Free tool to detect all possible Overflow in
> the code. ?


Yes, it is off topic, but there are enough clues to be pretty sure
that if you install the mudflap libraries and compile (and
link) with these (see the -fmudflap option) you will get something close
to what you are looking for. For more on this (and opinions from
wiser heads than mine) you must post to a platform-specific group
(maybe news:comp.unix.programming?)

--
Ben.

Philip Potter 09-17-2007 04:47 PM

Re: Buffer Overflow Tool <May be OT>
 
Ben Bacarisse wrote:
> Sheth Raxit <raxitsheth2000@gmail.com> writes:
>
>> Is there any Opensource/Free tool to detect all possible Overflow in
>> the code. ?

>
> Yes it is off topic but there are enough clues to be pretty sure
> that suggesting you install the mudflap libraries and compile (and
> link) with these (see -fmudflap option) you will get something close
> to what you are looking for. For more on this (and opinions from
> wiser heads than mine) you must post to a platform specific group
> (maybe news:comp.unix.programming?)


ITYM comp.unix.programmer

--
Philip Potter pgp <at> doc.ic.ac.uk

user923005 09-17-2007 07:41 PM

Re: Buffer Overflow Tool <May be OT>
 
On Sep 17, 2:27 am, Sheth Raxit <raxitsheth2...@gmail.com> wrote:
> Is there any Opensource/Free tool to detect all possible Overflow in
> the code. ?
>
> Situation :
> recently i came across some old code, <written by some careless
> programmer, not having 'useful' document>.
>
> What i am doing...<since last few days.>
>
> 1. analyzing code flow using cflow and cscope.
> 2. Removing All possible warnings <by gcc's Wall option.>
> 3.Found some crash on Dynamic memory stuff, <trying to Fix/Catch more
> using Valgrind, <i am on linux> > , few crash fixed using gdb.


Electric fence is also popular. There is a bounds checking GCC, but I
have not tried it.

> 4. I suspect there are few <or say more> Array Overrun kind of stuffs
> in the code.the code is in C lang. only,Any way to detect possible
> array/buffer overflow. <any tool/library/compiler options etc>


I like this thing:
http://duma.sourceforge.net/

> <please note : some of my friend has told use Java, it is not possible
> at this stage.>
>
> Would be great if can provide any realistic/practical suggestion,
> <Except review the whole code carefully, and manually detect.>


Note:
There are not really any C questions here, but I could not think of a
more appropriate group to forward to. No doubt there is one, but I
don't know what it is.



Tor Rustad 09-17-2007 09:09 PM

Re: Buffer Overflow Tool <May be OT>
 
Sheth Raxit wrote:
> Is there any Opensource/Free tool to detect all possible Overflow in
> the code. ?
>
> Situation :
> recently i came across some old code, <written by some careless
> programmer, not having 'useful' document>.
>
> What i am doing...<since last few days.>
>
> 1. analyzing code flow using cflow and cscope.
> 2. Removing All possible warnings <by gcc's Wall option.>


Can you add the -pedantic and -ansi switches too?

The next step is to look into adding more static analysis via a lint tool,
e.g. 'splint', but that requires a lot of effort if you have never used
such a tool before.


> 3.Found some crash on Dynamic memory stuff, <trying to Fix/Catch more
> using Valgrind, <i am on linux> > , few crash fixed using gdb.


Another useful tool is Electric Fence, which often core dumps at the point
of overflow.

However, a while back, I read a report from a super-computing center,
where they had analyzed different memory tools, of these Valgrind was
the best free tool, but was well behind the best commercial tools.


> Would be great if can provide any realistic/practical suggestion,
> <Except review the whole code carefully, and manually detect.>


If not already done, I would add a lot of assert()'s, and in particular
watch out for off-by-one errors.

Another tip is switching to: strlcpy() & strlcat().

--
Tor <torust [at] online [dot] no>
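
The off-by-one case behind the assert() and strlcpy() tips above, as an added example that is not part of the original thread or any poster's code. Because strlcpy() is non-standard, a local equivalent is defined; `my_strlcpy`, `copy_name`, `legacy_copy_is_terminated` and the 8-byte `name_buf` are hypothetical names constructed for illustration.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static char name_buf[8];   /* constructed sample destination buffer */

/* strlcpy-style copy: writes at most size-1 bytes, always NUL-terminates
 * when size > 0, and returns strlen(src) so truncation is detectable. */
size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen;
    assert(dst != NULL && src != NULL);
    srclen = strlen(src);
    if (size > 0) {
        size_t n = (srclen < size - 1) ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Legacy pattern: strncpy() writes no terminator when src has >= size
 * bytes. Returns 1 if dst holds a NUL within its first size bytes. */
int legacy_copy_is_terminated(char *dst, const char *src, size_t size)
{
    strncpy(dst, src, size);
    return memchr(dst, '\0', size) != NULL;
}

/* Hardened caller: 0 on success, -1 if src did not fit and was truncated. */
int copy_name(char *dst, size_t size, const char *src)
{
    assert(size > 0);                      /* catch zero-sized buffers early */
    return my_strlcpy(dst, src, size) >= size ? -1 : 0;
}

int main(void)
{
    /* Eight characters into an eight-byte buffer: the classic off-by-one. */
    printf("legacy terminated: %d\n",
           legacy_copy_is_terminated(name_buf, "ABCDEFGH", sizeof name_buf));
    printf("copy_name result:  %d, buffer now \"%s\"\n",
           copy_name(name_buf, sizeof name_buf, "ABCDEFGH"), name_buf);
    return 0;
}
```
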

CBFalconer 09-17-2007 11:44 PM

Re: Buffer Overflow Tool <May be OT>
 
Tor Rustad wrote:
> Sheth Raxit wrote:
>
>> Is there any Opensource/Free tool to detect all possible Overflow
>> in the code. ?
>>
>> Situation :
>> recently i came across some old code, <written by some careless
>> programmer, not having 'useful' document>.
>>
>> What i am doing...<since last few days.>
>>
>> 1. analyzing code flow using cflow and cscope.
>> 2. Removing All possible warnings <by gcc's Wall option.>

>
> Can you add the -pedantic and -ansi switch too?
>
> Next step, is to look into adding more static analysis via lint
> tool, e.g. 'splint', but that require a lot of effort, if you have
> never used such a tool before.
>
>> 3.Found some crash on Dynamic memory stuff, <trying to Fix/Catch
>> more using Valgrind, <i am on linux> > , few crash fixed using gdb.

>
> Another, useful tool is Electric Fence, which often core dump at
> point of overflow.
>
> However, a while back, I read a report from a super-computing
> center, where they had analyzed different memory tools, of these
> Valgrind was the best free tool, but was well behind the best
> commercial tools.
>
>> Would be great if can provide any realistic/practical suggestion,
>> <Except review the whole code carefully, and manually detect.>

>
> If not already done, I would add a lot of assert()'s, and in
> particular watch out for off-by-one errors.
>
> Another tip is switching to: strlcpy() & strlcat().


Generally good advice. One slight addition I would recommend is
use of my nmalloc package, which includes comprehensive debugging
abilities. While written for DJGPP, it is quite general, and I
believe can operate on any byte addressed 32 bit system that has a
sbrk() call available and allows substitution of malloc packages.
It needs to be compiled with gcc. The package includes a manual.
When installed, just link it before the system library is searched.

The location also includes code for the (non-standard) strlcpy and
strlcat.

<http://cbfalconer.home.att.net/download/>

--
Chuck F (cbfalconer at maineline dot net)
Available for consulting/temporary embedded and systems.
<http://cbfalconer.home.att.net>


