Subject: Re: reverse engineer c or java
From: panteraBALANCEPOINTGOLF.COM
Date: Sun May 21 2000 - 13:00:27 CDT


Date sent: Sun, 21 May 2000 19:50:46 +0200
Send reply to: Bluefish <11aGMX.NET>
From: Bluefish <11aGMX.NET>
Subject: Re: reverse engineer c or java
Originally to: "zaboo.ma.fu" <initd_DIGITAL.NET>

> > security in any program you write? Write well thought out code.
> > Learn about common bugs such as bad 'system()' placement or
> > buffer overruns.
>
> Btw, on the topic of java! Has there been published any research upon
> buffer overruns in java? I assume the class String is more or less
> secure, but are there security concerns related to usage of e.g. arrays?

Java automatically performs bound checking on arrays. For
example, if you try and add more elements to an array than you
should:

int arr[] = new int[5];
int arr_length = arr.length + 50;

for (int i = 0; i < arr_length; i++)
{
        arr[i] = i;
}

Java throws an ArrayIndexOutOfBoundsException:

java.lang.ArrayIndexOutOfBoundsException
        at ArrayTest.<init>(ArrayTest.java:10)
        at ArrayTest.main(ArrayTest.java:16)
Exception in thread "main" Process Exit...

Automatic bounds checking eliminates buffer
overflows in the traditional sense. Anyone have
any further comments/research on this topic?

- xp
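
Added example, not part of the original message: the same bounds check applied to a copy driven by an untrusted length field. It shows that an element-by-element loop has already overwritten the in-range elements before the exception fires, that System.arraycopy rejects the whole copy, and that validating the length avoids relying on the exception at all. The record layout (1-byte length prefix plus payload) and all class and method names are assumptions made for illustration.

```java
import java.util.Arrays;

public class BoundsCheckDemo {
    // Constructed sample record: 1-byte length prefix, then payload bytes.
    static byte[] buildRecord(int claimedLen) {
        byte[] rec = new byte[1 + claimedLen];
        rec[0] = (byte) claimedLen;
        Arrays.fill(rec, 1, rec.length, (byte) 'A');
        return rec;
    }

    // Trusts the length prefix and copies byte by byte, like the loop above.
    // Every dest[i] store is bounds-checked, so the write past the end throws,
    // but the in-range elements have already been overwritten by then.
    static void copyLoop(byte[] record, byte[] dest) {
        int len = record[0] & 0xFF;
        for (int i = 0; i < len; i++) {
            dest[i] = record[1 + i];
        }
    }

    // Trusts the length prefix but uses System.arraycopy, which checks the
    // whole range first and leaves dest unmodified when the check fails.
    static void copyBulk(byte[] record, byte[] dest) {
        int len = record[0] & 0xFF;
        System.arraycopy(record, 1, dest, 0, len);
    }

    // Validates the untrusted length against both buffers before copying.
    static boolean copyValidated(byte[] record, byte[] dest) {
        if (record.length < 1) return false;
        int len = record[0] & 0xFF;
        if (len > dest.length || len > record.length - 1) return false;
        System.arraycopy(record, 1, dest, 0, len);
        return true;
    }

    public static void main(String[] args) {
        byte[] record = buildRecord(40);   // prefix claims 40 bytes
        byte[] a = new byte[8], b = new byte[8], c = new byte[8];
        try { copyLoop(record, a); } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("loop: exception, dest now " + Arrays.toString(a));
        }
        try { copyBulk(record, b); } catch (IndexOutOfBoundsException e) {
            System.out.println("bulk: exception, dest now " + Arrays.toString(b));
        }
        System.out.println("validated accepted: " + copyValidated(record, c));
    }
}
```

In none of the three cases is memory outside the 8-byte destination written; an uncaught exception still terminates the thread, so input lengths are best validated before the copy.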