
buffer overflow...


4 replies to this topic

#1 Tandem

Tandem
  • Members
  • Advanced Member
  • 251 posts

Posted 01 October 2006 - 03:46 PM

I'm having a problem with buffer overflow.

I'm not actually all that familiar with buffer overflow, so forgive/correct me if I get anything wrong.

On my site I have a section where you can input a number and that updates the database, but you have a maximum number. If your input number is higher than your maximum number, the transaction with the database is blocked.

However, somebody has told me that there is a way to get around this, and it seems to work too. You enter a massively long sequence of numbers, in this case he did tens of thousands of numbers, and it somehow bypasses the if statement that blocks it from happening.

Also, after you have entered the number it echoes "You successfully entered (number) as your number", but using the buffer overflow method it says "You have successfully entered $inf as your number".

How can I stop this from happening?

Thanks in advance for any replies.

#2 Daniel0

Daniel0
  • Staff Alumni
  • Advanced Member
  • 11,956 posts

Posted 01 October 2006 - 03:51 PM

This should solve your problem.
The thing that solves it is is_finite().

<?php
$min_number	= 0;
$max_number	= 10000;
// Accept the input only if it is numeric, inside the allowed range and finite.
// is_finite() is the check that rejects a value that has overflowed to INF.
if(is_numeric($_POST['number']) && $_POST['number'] <= $max_number && $_POST['number'] >= $min_number && is_finite($_POST['number']))
{
	echo "You successfully entered {$_POST['number']} as your number";
}
else {
	echo "You must enter a number within the range {$min_number}-{$max_number}";
}
?>


#3 Tandem

Tandem
  • Members
  • Advanced Member
  • 251 posts

Posted 01 October 2006 - 04:04 PM

When I try to use is_finite I get the error:


Warning: is_finite() expects parameter 1 to be double, string given in C:\Pro..... on line 99

My code is
<?
if (($submit == "Send!") && (!empty($get_proper_name)) && (is_finite($amount))) {
	// ...queries and stuff here....
}
?>


#4 yonta

yonta
  • Members
  • Advanced Member
  • 70 posts

Posted 01 October 2006 - 04:16 PM

Your variable amount is a string and should be a float. You can use the settype function, like this:

settype($amount, "float");

before checking for is_finite.
do it, do it right, do it right now

#5 Tandem

Tandem
  • Members
  • Advanced Member
  • 251 posts

Posted 01 October 2006 - 04:23 PM

Thanks yonta, that appears to be the fix.
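
The checks discussed in this thread (is_numeric(), a conversion to float, is_finite() and the range test) combined into one function and run over constructed inputs. This is an added example, not code from any post above; validate_amount() and the sample values are assumptions made for illustration:

```php
<?php
// Added example, not code from the thread. validate_amount() is a hypothetical helper name.
// Returns the amount as a float when it is acceptable, or null when it must be rejected.
function validate_amount($raw, $min, $max)
{
    // Form fields arrive as strings; arrays (number[]=1) and missing fields are rejected.
    if (!is_string($raw) || !is_numeric($raw)) {
        return null;
    }
    // Convert explicitly so is_finite() receives a float, as suggested with settype().
    $value = (float) $raw;
    // A digit string too large to fit in a float converts to INF and is rejected here.
    if (!is_finite($value)) {
        return null;
    }
    // Range check on the converted value, so the value tested is the value that gets stored.
    if ($value < $min || $value > $max) {
        return null;
    }
    return $value;
}

// Constructed sample inputs, including a 20,000-digit string like the one described above.
$samples = array(
    'in range'      => '500',
    'above maximum' => '10001',
    'below minimum' => '-5',
    'not a number'  => 'abc',
    'huge exponent' => '1e999',
    '20000 digits'  => str_repeat('9', 20000),
);

foreach ($samples as $label => $raw) {
    $result = validate_amount($raw, 0, 10000);
    printf(
        "%-14s is_numeric=%s float=%s => %s\n",
        $label,
        var_export(is_numeric($raw), true),
        var_export((float) $raw, true),
        $result === null ? 'rejected' : 'accepted'
    );
}
```

Use the float the function returns in the database query rather than the raw request value, so the value that was validated is the value that is written.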



