|
I think it depends where you are - applications programming, systems, APIs, etc. I have a program that calls the List ILE program information API (QBNLPGMI). I coded a program at V4R5 using this API. After we upgraded to V5R2, the program stopped working. When testing the program we got an error on a WRITE operation to an external printer file. Dumping the program resulted in a partially-processed dump. The program calls the QBNLPGMI API, throwing its output to a user space. The user space entries are processed. We read the user space header to get the size of each entry. Then in the processing loop, we pass in that size (from the header) to retrieve the contents. The problem was, the receiver area (PGML0100) changed in size from 507 bytes to 3996 bytes. We told the retrieve user space API to give back 3996 bytes (from the US header) but only provided 507 bytes in the receiver variable. The extra 3500 bytes were overwriting storage outside the variable space, which happened to belong to some print control data in the RPG program. The WRITE operation didn't understand the gibberish we put in its work area (buffer overflow) and died. Changing the retrieve user space call from using the entry size from the header to the actual size of the receiver variable solved the problem. The worst thing that happened for me was my utility program stopped working. I don't know how aggressively the OS protects system programs and data, but fortunately no system damage occurred. OS/400 does provide some pointer protection, that's all those MCH3601 errors. Long story to show that even in regular RPG programming, there are possibilities of buffer overflows. To use IBM's parlance, the "results are unpredictable". --Loyd -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rich Duzenbury Sent: Wednesday, November 03, 2004 3:58 PM To: ISeries Mailing List Subject: iSeries buffer overflow immunity? Is the iseries invulnerable to buffer overflows? I was doing a bit of googling, and it seems there is a general impression from individual users that things are OK, but I don't see such information from large companies or vendors. I routinely make calls from ILE RPG into the C runtime library, in what I believe are 'safe' calls. We have more and more C code converted to run on the iSeries, such as the Apache HTTP server. As buffer overflows have been found in things like Apache, it stands to reason that the iSeries version would have been compiled from the same source code, and thus have the same coding error. But, can the coding error be exploited? Denial of service? Privilege escalation? I'm not aware of any systems that have been compromised in any way, but I'd like to find some assurances about that. Thanks. -- Regards, Rich
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
