Commit 746a2f6

Oob1 simplify (#471)
* Simplify lab oob1

Signed-off-by: David A. Wheeler <[email protected]>

* Add some hints

Signed-off-by: David A. Wheeler <[email protected]>

* Add oob1 to README

Signed-off-by: David A. Wheeler <[email protected]>

---------

Signed-off-by: David A. Wheeler <[email protected]>
1 parent c517bcc commit 746a2f6

2 files changed: +10 -13 lines changed

docs/labs/README.md

Lines changed: 2 additions & 1 deletion
@@ -19,6 +19,7 @@ Here are the labs available:
1919
* [regex1](regex1.html) - regular expressions (regexes)
2020
* [input2](input2.html) - input validation (more complex situations)
2121
* [csp1](csp1.html) - Content Security Policy (CSP)
22+
* [oob1](oob1.html) - Out-of-bounds (OOB)
2223

2324
## Please contribute labs
2425

@@ -76,7 +77,7 @@ The items marked "PLANNED-1" are those we intend to do first;
7677
* Avoid Default & Hardcoded Credentials - PLANNED-1
7778
* Avoid Incorrect Conversion or Cast - PLANNED-2
7879
* Processing Data Securely: Undefined Behavior / Memory Safety
79-
* Countering Out-of-Bounds Reads and Writes (Buffer Overflow) - PLANNED-1
80+
* Countering Out-of-Bounds Reads and Writes (Buffer Overflow) - [oob1](oob1.html)
8081
* Double-free, Use-after-free, and Missing Release - PLANNED-1
8182
* Avoid Undefined Behavior - PLANNED-2
8283
* Processing Data Securely: Calculate Correctly

docs/labs/oob1.html

Lines changed: 8 additions & 12 deletions
@@ -57,6 +57,11 @@
5757
- absent: |
5858
\(
5959
text: Need "(...)" around the condition after an if statement.
60+
- absent: |
61+
>
62+
text: Need comparison "if ( ... > ....)"
63+
- absent: return
64+
text: Need "return 0;" to skip attempts to send a too-long response.
6065
definitions:
6166
- term: RETURN0
6267
value: |
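Review bot: The new `absent: >` hint fires on any attempt that contains no `>` character, so a learner who writes the same bounds check in the reversed form with `<` is told they need `>`. Either word the hint as a suggestion ("Need a comparison such as ...") or make the pattern accept both operators. The hint text also mixes three and four dots in "if ( ... > ....)". Separately, `absent: return` is satisfied by the word `return` anywhere in the attempt, so the "return 0;" hint never shows for an attempt that returns some other value; a pattern that also requires the `0` would match what the hint text asks for.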
@@ -232,10 +237,8 @@ <h2>Interactive Lab (<span id="grade"></span>)</h2>
232237
unsigned char *p = &s->s3->rrec.data[0], *pl;
233238
unsigned short hbtype;
234239
unsigned int payload;
235-
unsigned int padding = 16; /* Use minimum padding */
236240

237241
// ... Some details omitted here
238-
239242
<textarea id="attempt0" rows="3" cols="60" spellcheck="false">
240243
if ()
241244
;
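Review bot: Removing `unsigned int padding = 16; /* Use minimum padding */` from the displayed declarations leaves the snippet with no in-page source for the padding length. Please confirm that the expected answer and the remaining hints no longer use the name `padding`, since it would now be undeclared in the code the learner sees. If the answer now uses a literal instead, a one-line comment next to `unsigned int payload;` stating the padding size would keep that literal from reading as a magic number.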
@@ -246,17 +249,10 @@ <h2>Interactive Lab (<span id="grade"></span>)</h2>
246249
if ()
247250
;
248251
</textarea>
249-
250-
// ... Later on there are these lines, which create a buffer
251-
// with enough room for a response, but uses a "memcpy" to
252-
// copy the payload data. At this point in the code it's assumed
253-
// that the payload's asserted length will fit in its created buffer.
254-
// buffer = OPENSSL_malloc(write_length);
255-
// bp = buffer;
256-
// *bp++ = TLS1_HB_RESPONSE;
257-
// s2n(payload, bp);
252+
// ... Later on there will be a memory copy ("memcpy")
253+
// to copy the payload data into a new buffer. If we
254+
// had not checked, it would not be long enough:
258255
// memcpy(bp, pl, payload);
259-
260256
</code></pre>
261257
<button type="button" class="hintButton">Hint</button>
262258
<button type="button" class="resetButton">Reset</button>
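Review bot: In the rewritten comment above `// memcpy(bp, pl, payload);`, the sentence "If we had not checked, it would not be long enough" has no clear antecedent for "it" and reads as if the new buffer is the thing that is too short. The removed lines said the buffer is created "with enough room for a response", and `memcpy(bp, pl, payload)` reads `payload` bytes from `pl`, so what can be too short is the received record data behind `pl`, which makes this an out-of-bounds read rather than a write. Suggest naming it explicitly, for example: "If we had not checked, the received data at pl might be shorter than payload, and memcpy would read past its end."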
