[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Vulnerabilities in Synchronous IPC Designs

From: Andreas Haeberlen
Subject: Re: Vulnerabilities in Synchronous IPC Designs
Date: Mon, 02 Jun 2003 21:01:23 -0700

Hello Espen,

>> Note that it appears that IDL4 seems to happily use string buffers
>> for any variable length argument, irregardless of any length
>> restriction (which might even be so small as to guarantee that it
>> always fits into the msg registers) or actual length at runtime.
> It is trivial to add a check in the IDL compiler (and generated code)
> for the length of a variable length buffer.  If the variable length
> buffer fits within 256 bytes (or 512 bytes on 64-bit architectures),
> the content can be transferred using message registers.  If this is
> your only concern, then you shouldn't worry.  (I was actually sort of
> suprised to learn that IDL4 didn't support this in the current
> implementation.)

Actually, this _is_ supported in the current implementation.
Try compiling something like:

      interface foo {
         void bar(in string<40> x, in string<20> y);

and you will find that the message is transferred completely in
registers. What Marcus has observed is probably an issue with
the current release, which sometimes causes the server loop to
allocate more buffer space than it actually needs.

       - Andreas

reply via email to

[Prev in Thread] Current Thread [Next in Thread]