Difference between revisions of "Vulnerability"

From OdaWiki
Latest revision as of 14:08, 29 March 2006

Odamex is written in C++, and thus without due diligence could be under threat from the following vulnerabilities. We aim to resolve all known vulnerabilities very quickly, and this list records the lessons learned. If you find a vulnerability, please report it in bugs as a critical bug.

Buffer overruns & underruns

arrays

Be careful with general array indexing; off-by-one errors are the usual cause of reading or writing one element past the end of an array.

printf

Printf and related functions (scanf, sscanf, fprintf, VPrintf, etc.) have been widely used in the source. They are vulnerable to:

  • insufficient target string parameter length (buffer overrun if exceeded)
  • lack of source string termination (buffer overrun if exceeded)
  • using source string as format string (bad memory access)
  • incorrect format string for a source string (bad memory access)

Note that using a safer equivalent function will not solve all of these issues. Using snprintf, for example, only guards against overrunning the target buffer; it does nothing about an unterminated source string or an incorrect format string.

Resource exhaustion

memory allocation

A peer could keep requesting the creation of objects until there is no RAM left.

bandwidth overflow

For some requests, a long reply is guaranteed. If those requests keep getting made, all the available bandwidth is taken up.

lockup

For example, a server could tell the client to use a negative time in a calculation, creating an infinite loop.

High level logic

invalid references

All incoming references, ids, and other information from the network must be validated before use to make sure they are safe.