[nsp] RED_ZONE Limit?

Stephen J. Wilcox steve at telecomplete.co.uk
Wed Jan 21 13:53:44 EST 2004 

On Wed, 21 Jan 2004, Hudson Delbert J Contr 61 CS/SCBN wrote:

> would it not be better coding to have a buflen checking to prevent such an
> event from occuring.

then it wouldnt be a bug, and we'd not ever need firewalls because everything 
works just the way you expect :)

> i would rather have the function call die w/error .gt. 0 than reboot the
> box.

Suppose the process is part of the kernel.. ? Or maybe thats a good reaction to 
what the box considers to be a fatal situation, it may even be a way to prevent 
a buffer overflow exploit from well being exploited! 

> why is array checking such a difficult thing to do for programmers today. 

not sure, i'll fwd your Q to support at microsoft.com

> if the mask should be x bits long then make sure the data stuffed into a
> buffer, bitmask

ahh but you need to remember just how much data is copied around memory, maybe
you checked it when you read it in but now you're copying it to another
subroutine which has smaller buffers allocated and you forgot after the 100th
copy.. easily done, what you going to do? there is a limit to how much checking
you can write in before the checking takes over the program flow..

> crude pseudo-code:
> 
> do_until_whatever
> 	var out-of-bounds int
> 	set out-of-bounds = 0
> 	var overrun boolean
> 	set overrun false
> 	set out-of-bounds=diff(buffer-len - data-len)
> 	if out-of-bounds .le. 0	set overrun true
> 	if oveerun call overrun-handler
> end_if
> 
> how hard is that?

to be fair, CatOS has more than 9 lines and 1 buffer :)

Steve

> 
> ~v/r
> Del Hudson
> 61CS/SCBN - LAAFB NCC
> Network Architecture & Engineering Group
> delbert.hudson at losangeles.af.mil
> 
> 
> 
> -----Original Message-----
> From: Tomas Daniska [mailto:tomas at tronet.com]
> Sent: Wednesday, January 21, 2004 7:22 AM
> To: Church, Chuck; Pete Templin; Dariusz Sznajder
> Cc: cisco-nsp at puck.nether.net
> Subject: RE: [nsp] RED_ZONE Limit?
> 
> 
> red zone is an intentionally unused memory space (boundary) between
> allocated memory blocks, initialized with a well-known value. if the code
> somehow manages to overflow the buffer there is a large probability that
> also the redzone will be overwriten
> 
> memory manager processes periodically scan all redzones for proper values.
> should they find a discrepancy, that usualy denotes a buffer overflow error,
> in this case in the packet processing code
> 
> --
> 
> deejay  
> 
> > -----Original Message-----
> > From: Church, Chuck [mailto:cchurch at wamnetgov.com] 
> > Sent: 21. januára 2004 15:35
> > To: Pete Templin; Dariusz Sznajder
> > Cc: cisco-nsp at puck.nether.net
> > Subject: RE: [nsp] RED_ZONE Limit?
> > 
> > Was the 1010 sitting inside the 20 yard line?  :)   Seriously 
> > though, I didn't find anything on google either.  Real strange...
> > 
> > Chuck Church
> > CCIE #8776, MCNE, MCSE
> > Wam!Net Government Services
> > 13665 Dulles Technology Dr. Ste 250
> > Herndon, VA 20171
> > Office: 703-480-2569
> > Cell: 703-819-3495
> > cchurch at wamnetgov.com
> > PGP key: 
> > http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40
> > wamnetgov.com
> > 
> > > -----Original Message-----
> > > From: Pete Templin [mailto:petelists at templin.org]
> > > Sent: Wednesday, January 21, 2004 8:10 AM
> > > To: Dariusz Sznajder
> > > Cc: cisco-nsp at puck.nether.net
> > > Subject: Re: [nsp] RED_ZONE Limit?
> > > 
> > > 
> > > Shoulda used Old Spice deodorant?
> > > 
> > > Dunno.
> > > 
> > > Dariusz Sznajder wrote:
> > > > Hi,
> > > > 
> > > > What does mean this message:
> > > >  %AAL5-3-INTERNAL_ERROR:  aal5send: Pkt Buffer Exceeds 
> > > RED_ZONE Limit
> > > > from LightStream 1010 ATM Switch?
> > > > 
> > > > Cisco Search asked about RED_ZONE: No documents were found. :-(
> > > > 
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > 
> > 
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > 
> > 
> > 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list