On Mon, 2004-11-08 at 10:10, Bruce Vining wrote:
>
> Correct, you cannot assume that admin_flag0 and admin_flag1 are physically
> located around buffer. Defining them as subfields within a data structure
> would.
>
> I used your definitions and defined some integer fields (diff1 and diff2).
> diff1 = %addr(Buffer) - %addr(admin_flag0) resulted in 8; diff2 =
> %addr(admin_flag1) - %addr(Buffer) resulted in -7. This suggests that with
> my current release, PTF level, etc. that storage has been laid out as
> admin_flag0, admin_flag1, filler, buffer. You cannot however rely on this
> -- a PTF and recompile of your program, or recompiling on a different
> release, could alter all of this...

That's good news. So, in my opinion, the likelihood that an attacker could hit an exact byte in RPG static storage is getting extremely low - The buffer has to be accessible via a pointer, unprotected by program code, and the storage layout from the compiler is arbitrary, so the important 'admin_flag' is not necessarily accessible past the end of the buffer.

Thanks for your insight.

--
Regards,
Rich

Current Conditions in Des Moines, IA
Broken Clouds
Temp 42.8F
Winds out of the Southwest at 9mph
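A C analogue of the diff1/diff2 measurement discussed in this message, added here as an example; it is not code from the thread or from either poster, and the layout rules it shows are C's, not RPG's. The 7-byte buffer size, the function names and the length-checked fill (the "protected by program code" condition) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 7 /* constructed size, not taken from the thread */

/* Standalone variables: relative placement is the toolchain's choice. */
static char admin_flag0;
static char buffer[BUF_LEN];
static char admin_flag1;

/* Members of one struct: C places them at increasing addresses in order. */
struct grouped {
    char admin_flag0;
    char buffer[BUF_LEN];
    char admin_flag1;
};

/* Byte distance b - a via integers; subtracting unrelated pointers is undefined. */
static long distance(const void *a, const void *b) {
    return (long)((intptr_t)b - (intptr_t)a);
}

/* diff1/diff2 for the standalone variables: values depend on the build. */
long standalone_diff1(void) { return distance(&admin_flag0, buffer); }
long standalone_diff2(void) { return distance(buffer, &admin_flag1); }

/* The same differences for the struct: fixed by declaration order. */
long grouped_diff1(void) {
    return (long)offsetof(struct grouped, buffer) - (long)offsetof(struct grouped, admin_flag0);
}
long grouped_diff2(void) {
    return (long)offsetof(struct grouped, admin_flag1) - (long)offsetof(struct grouped, buffer);
}

/* Length check in program code: rejects any write longer than the buffer. */
int checked_fill(struct grouped *g, const char *src, size_t len) {
    if (len > sizeof g->buffer) return -1;
    memcpy(g->buffer, src, len);
    return 0;
}

int main(void) {
    struct grouped g = {0};
    printf("standalone: diff1=%ld diff2=%ld\n", standalone_diff1(), standalone_diff2());
    printf("grouped:    diff1=%ld diff2=%ld\n", grouped_diff1(), grouped_diff2());
    printf("8-byte fill rejected: %d, admin_flag1=%d\n", checked_fill(&g, "12345678", 8) == -1, g.admin_flag1);
    return 0;
}
```

The standalone values can change between compilers, optimization levels and link order, while the grouped values stay fixed, so the length check is the control that holds in both cases.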
This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.