LinuxQuestions.org
Old 10-26-2004, 07:17 PM   #1
servnov
Member
 
Registered: Sep 2004
Distribution: Slackware 10.2
Posts: 276

Rep: Reputation: 30
diff in buff underrun and overflow?


What is the difference between a buffer underrun and a buffer overflow and how do they occur?
 
Old 10-26-2004, 08:26 PM   #2
Stack
Member
 
Registered: Oct 2003
Distribution: FreeBSD
Posts: 325

Rep: Reputation: 30
They occur because of programming mistakes on the part of the programmer. A buffer overflow is when you provide too much information. A buffer underflow is when you don't provide enough information. In layman's terms...
 
Old 10-26-2004, 08:33 PM   #3
servnov
Member
 
Registered: Sep 2004
Distribution: Slackware 10.2
Posts: 276

Original Poster
Rep: Reputation: 30
hehe, go figure. I have heard that only languages with memory manipulation features allow for these coding vulnerabilities; languages such as C/C++, asm(haha), FORTRAN and other low level languages... is this true? Should a python programmer be worried about buff overflows/underruns?
 
Old 10-27-2004, 01:59 AM   #4
true_atlantis
Member
 
Registered: Oct 2003
Distribution: fedora cor 5 x86_64
Posts: 639

Rep: Reputation: 30
i was just reading about this... this is a basic idea of how a buffer overflow works... (using c)
the data that is put into a buffer is not checked for length.. so, if buffer is of length 15, you can put in data of length 20... there is a return address after the buffer in the stack, that is overwritten to somewhere in memory, usually the beginning of the buffer. what was written in the buffer is some sort of code that spawns a shell. i don't know anything about python, but i would say that if you can write over memory, by entering a string into a buffer where the string is larger than the buffer, then yes, you should have to worry about that..
 
Old 10-27-2004, 07:02 AM   #5
servnov
Member
 
Registered: Sep 2004
Distribution: Slackware 10.2
Posts: 276

Original Poster
Rep: Reputation: 30
If you have a fixed buffer it must be at least 1 byte, correct? How can you enter less information than this to create a buffer underrun?
 
Old 10-27-2004, 05:53 PM   #6
true_atlantis
Member
 
Registered: Oct 2003
Distribution: fedora cor 5 x86_64
Posts: 639

Rep: Reputation: 30
i have no experience with underruns, but here is what i found...


(http://www.securityfocus.com/archive/82/349658)
Quote:
Re: Buffer underflows. I guess if you have a situation where you control a
static buffer in a parent function and then pop too many times in the
child then that could be exploitable, since the saved return address
could be in the data you control. I've never seen this though.

Signedness errors are usually overflows.

You see lots of cases where folks aren't expecting a negative return code
from a function that normally returns a length (e.g. recv()) and mess up
their array indexing, and wind up referencing buff[-1] or something. Null
terminating data obtained from recv() is a classic case of this.

I guess, in a strange kind of way, the va_arg issue that format string
bugs are based on is kind of an underflow, in that the specified quantity
of 'things' to be read is more than there are available, so the 'things'
get read from the next location on the stack.

Come to think of it, I'm not sure how you'd define an underflow. Taking
too much out, rather than putting too much in? Referencing a negative
offset in an array? Interesting stuff though.
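
Added example (not part of the quoted message or of any reply in this thread): the recv() null-termination case from the quote and the "20 bytes into a 15-byte buffer" case from post #4, shown as one checked read routine in C. The `fake_sock` type, `fake_recv()` and the sample input are constructed stand-ins so the code runs without a network; the other function names are likewise made up for this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>   /* ssize_t */

enum idx_class { IDX_OK, IDX_UNDERFLOW, IDX_OVERFLOW };

/* Where would the unchecked pattern  n = recv(fd, buf, cap, 0); buf[n] = '\0';
 * write its terminator for a buffer of cap bytes? */
enum idx_class classify_terminator(ssize_t n, size_t cap) {
    if (n < 0) return IDX_UNDERFLOW;            /* buf[-1]: before the buffer */
    if ((size_t)n >= cap) return IDX_OVERFLOW;  /* buf[cap]: one past the end */
    return IDX_OK;
}

/* Constructed stand-in for a socket so the example runs offline. */
struct fake_sock { const char *data; size_t len; int fail; };

static ssize_t fake_recv(struct fake_sock *s, void *buf, size_t len) {
    if (s->fail) return -1;                     /* recv() reports errors as -1 */
    size_t n = s->len < len ? s->len : len;
    memcpy(buf, s->data, n);
    return (ssize_t)n;
}

/* Checked version: keep one byte for the terminator, never index with n < 0. */
int read_string(struct fake_sock *s, char *buf, size_t cap) {
    if (cap == 0) return -1;
    ssize_t n = fake_recv(s, buf, cap - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    return (int)n;
}

/* 20 bytes offered to a 15-byte buffer: truncated to 14 plus the terminator. */
int demo_long_input(void) {
    struct fake_sock s = { "0123456789ABCDEFGHIJ", 20, 0 };
    char buf[15];
    int n = read_string(&s, buf, sizeof buf);
    return (n == 14 && strlen(buf) == (size_t)n) ? n : -2;
}

/* Failed receive: the error is returned and the buffer is left untouched. */
int demo_failed_recv(void) {
    struct fake_sock s = { "", 0, 1 };
    char buf[15] = "unchanged";
    return read_string(&s, buf, sizeof buf) == -1 && strcmp(buf, "unchanged") == 0;
}

int main(void) { printf("%d %d\n", demo_long_input(), demo_failed_recv()); return 0; }
```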
 
Old 10-27-2004, 08:29 PM   #7
servnov
Member
 
Registered: Sep 2004
Distribution: Slackware 10.2
Posts: 276

Original Poster
Rep: Reputation: 30
thanks. it's pretty confusing stuff though...
 
Old 10-27-2004, 09:55 PM   #8
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
just draw a diagram:

here's the main parts of the stack for buffer overflow :

--------------------------------------------------
| return address | buffer :::::::::::::::::::::::::::::::::::|
--------------------------------------------------

as you can see the data in the buffer fills towards the return address, in an overflow it will overwrite past the buffer, and into the return code, really messing up the program, and it becomes an exploit for people that know what they are doing (or script kiddies that can push 2 buttons)

http://leepoint.net/notes/comp/syste...o/buffers.html
 
  

