× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2004

RE: iSeries buffer overflow immunity?

I think it depends where you are - applications programming, systems, APIs,
etc.

I have a program that calls the List ILE program information API (QBNLPGMI).
I coded a program at V4R5 using this API. After we upgraded to V5R2, the
program stopped working. When testing the program we got an error on a WRITE
operation to an external printer file. Dumping the program resulted in a
partially-processed dump.

The program calls the QBNLPGMI API, throwing its output to a user space. The
user space entries are processed. We read the user space header to get the
size of each entry. Then in the processing loop, we pass in that size (from
the header) to retrieve the contents. The problem was, the receiver area
(PGML0100) changed in size from 507 bytes to 3996 bytes. We told the
retrieve user space API to give back 3996 bytes (from the US header) but
only provided 507 bytes in the receiver variable.

The extra 3500 bytes were overwriting storage outside the variable space,
which happened to belong to some print control data in the RPG program. The
WRITE operation didn't understand the gibberish we put in its work area
(buffer overflow) and died. Changing the retrieve user space call from using
the entry size from the header to the actual size of the receiver variable
solved the problem.

The worst thing that happened for me was my utility program stopped working.
I don't know how aggressively the OS protects system programs and data, but
fortunately no system damage occurred.

OS/400 does provide some pointer protection, that's all those MCH3601
errors.

Long story to show that even in regular RPG programming, there are
possibilities of buffer overflows. To use IBM's parlance, the "results are
unpredictable".

--Loyd

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rich Duzenbury
Sent: Wednesday, November 03, 2004 3:58 PM
To: ISeries Mailing List
Subject: iSeries buffer overflow immunity?

Is the iseries invulnerable to buffer overflows?  I was doing a bit of
googling, and it seems there is a general impression from individual
users that things are OK, but I don't see such information from large
companies or vendors.

I routinely make calls from ILE RPG into the C runtime library, in what
I believe are 'safe' calls.  We have more and more C code converted to
run on the iSeries, such as the Apache HTTP server.

As buffer overflows have been found in things like Apache, it stands to
reason that the iSeries version would have been compiled from the same
source code, and thus have the same coding error.  But, can the coding
error be exploited?  Denial of service?  Privilege escalation?

I'm not aware of any systems that have been compromised in any way, but
I'd like to find some assurances about that.

Thanks.

--
Regards,
Rich

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.