|
midrange.com
Correct, you cannot assume that admin_flag0 and admin_flag1 are physically
located around buffer. Defining them as subfields within a data structure
would.
I used your definitions and defined some integer fields (diff1 and diff2).
diff1 = %addr(Buffer) - %addr(admin_flag0) resulted in 8; diff2 =
%addr(admin_flag1) - %addr(Buffer) resulted in -7. This suggests that with
my current release, PTF level, etc. that storage has been laid out as
admin_flag0, admin_flag1, filler, buffer. You cannot however rely on this
-- a PTF and recompile of your program, or recompiling on a different
release, could alter all of this...
Bruce
Rich Duzenbury
<rduz-midrange@we
sternmidrange.com To
> Midrange Systems Technical
Sent by: Discussion
midrange-l-bounce <midrange-l@xxxxxxxxxxxx>
s+bvining=us.ibm. cc
com@xxxxxxxxxxxx
Subject
Re: iSeries buffer overflow
11/05/2004 11:16 immunity?
PM
Please respond to
Midrange Systems
Technical
Discussion
That's what I had initially thought, too, but my experimental code did
not fail:
D admin_flag0 s 1 inz('N')
D buffer s 5
D admin_flag1 s 1 inz('N')
D ptr s *
D memory s 6 based(ptr)
/free
ptr = %addr(buffer);
memory = '12345Y';
if admin_flag0 = 'Y' or admin_flag1 = 'Y';
dsply 'Uh-Oh';
endif;
*inlr = '1';
/end-free
What did I do wrong? Can I not be sure that the admin_flag0 and
admin_flag1 are located next to the unprotected buffer?
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
