Software and web application security

April 4, 2007

Hardening Stack-based Buffer Overrun Detection in VC++ 2005 SP1

Filed under: general — chrisweber @ 9:33 am

The recent Windows .Ani file stack overflow has a lot of people asking the same question.  How did Microsoft’s SDL process miss or punt this bug?  Why did the compiler’s /GS not protect the function?

Michael Howard explains why /GS did not protect this type of function, and how it can be made to do so.

http://blogs.msdn.com/michael_howard/archive/2007/04/03/hardening-stack-based-buffer-overrun-detection-in-vc-2005-sp1.aspx


1 Comment »

  1. This unique post, “Hardening Stack-based Buffer Overrun Detection in VC++ 2005 SP1 | Software and web application security” reveals the fact that you really know everything that you are communicating about!

    I really fully agree with your blog. Thanks a lot -Pansy

    Comment by www.markwahlbergyouthfoundation.org — April 19, 2013 @ 4:20 pm

