[Info-vax] VAX Macro to C conversion
Dave Froble
davef at tsoft-inc.com
Thu Jul 25 21:44:48 EDT 2019
On 7/25/2019 8:18 PM, Simon Clubley wrote:
> On 2019-07-25, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>> On 2019-07-25 00:36:27 +0000, Craig A. Berry said:
>>
>>> On 7/24/19 8:28 AM, John Reagan wrote:
>>>>
>>>> DECC$ATOI = PROCEDURE,-
>>>> DECC$ATOL = PROCEDURE,-
>>>> DECC$MEMCHR = PROCEDURE,-
>>>> DECC$MEMCMP = PROCEDURE,-
>>>> DECC$STRCAT = PROCEDURE,-
>>>> DECC$STRCHR = PROCEDURE,-
>>>> DECC$STRCMP = PROCEDURE,-
>>>> DECC$STRCPY = PROCEDURE,-
>>>
>>> Yum, ASCIZ string functions with no bounds checking in the kernel :-).
>>> Probably not the most dangerous thing out there, but possibly worth a
>>> rethink at some point.
>>
>> Not only in the OpenVMS kernel code, but also third-party inner-mode code.
>>
>
> Careful Craig and Stephen. :-)
>
> Counted strings and/or descriptors are not some magical fix for
> buffer overflows.
>
> They are a lot harder than ASCIZ strings to compromise, but once
> compromised, they can be way easier than ASCIZ strings to exploit
> for some types of attack.
>
> That's because with counted strings/descriptors, you don't have to
> worry about embedded 0x00 characters terminating the copy so you
> can just directly embed addresses as-is (including 0x00 characters)
> without having to worry about the copy terminating when the first
> 0x00 in your payload is encountered.
>
> Overall, counted strings and descriptors are way better than ASCIZ
> strings but they are not a magical solution and come with risks of
> their own.
>
> However, as Stephen mentioned, it would also be nice to see safer
> versions of the ASCIZ routines introduced and the non-safe versions
> deprecated for kernel mode code.
>
> Notice BTW that I said "safer". I did not say "safe".
>
> Simon.
>
There is no "safe" !
There is just a best effort at being safer.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
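
Added example, not part of the original post and not OpenVMS or DECC$ code: a minimal C sketch of the two copy disciplines discussed in the thread, showing that a bounded ASCIZ copy stops at the first 0x00 while a counted copy treats 0x00 as data, so its length field is the only bound and must be checked against the destination. The struct counted_str type, the COPY_* codes and both function names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical counted string for illustration; not the OpenVMS descriptor
   layout. len is a claimed length and should be treated as untrusted. */
struct counted_str { size_t len; const char *ptr; };
enum { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARG = -2 };

/* Bounded ASCIZ copy: scans at most cap bytes, always terminates dst,
   and rejects an oversized source instead of silently truncating it. */
int asciz_copy_checked(char *dst, size_t cap, const char *src)
{
    size_t n = 0;
    if (dst == NULL || src == NULL || cap == 0)
        return COPY_BAD_ARG;
    while (n < cap && src[n] != '\0')
        n++;
    if (n == cap) {            /* no terminator found within capacity */
        dst[0] = '\0';
        return COPY_TOO_LONG;
    }
    memcpy(dst, src, n + 1);   /* n data bytes plus the terminator */
    return COPY_OK;
}

/* Counted copy: 0x00 bytes are ordinary data here, so the length field
   is the only bound and is checked before any byte is moved. */
int counted_copy_checked(char *dst, size_t cap,
                         const struct counted_str *src, size_t *out_len)
{
    if (dst == NULL || src == NULL || src->ptr == NULL || out_len == NULL)
        return COPY_BAD_ARG;
    if (src->len > cap)
        return COPY_TOO_LONG;
    memcpy(dst, src->ptr, src->len);
    *out_len = src->len;
    return COPY_OK;
}

int main(void)
{
    static const char raw[5] = { 'A', 'B', '\0', 'C', 'D' }; /* constructed */
    struct counted_str cs = { sizeof raw, raw };
    char buf[8]; size_t n = 0;
    int a = asciz_copy_checked(buf, sizeof buf, raw);
    size_t seen = strlen(buf);
    int c = counted_copy_checked(buf, sizeof buf, &cs, &n);
    printf("ASCIZ: status %d, %zu bytes; counted: status %d, %zu bytes\n", a, seen, c, n);
    return 0;
}
```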