memset() vulnerability [closed] - c

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
I am using memset in an embedded application to delete one data. here is the function:
uint8_t Delete()
{
memset(cure.name, 0x0, 32);
cure.volume = 0;
cure.valid=0;
printf("[*] Cure DELETED\n");
return 1;
}
and I am trying to evaluate it against fault injection attack (clock glitching). As I saw in my experiments after clock glitching memset overwrites the neighbor's memory blocks as well. (they have been filled by zeros). is there any safer (more secure) alternative function for memset that I could use? maybe an instruction which validates the destination block at all the copying step.
Thank you in advance for your help;

memset is a standard library function; it is unlikely to take into consideration intentionally generated hardware glitches.
Firmware protection against these glitches appears to depend on:
making the execution timing unpredictable
adding self-verification code.
I suspect you will have to write your own function to do this; you could add random delays within the loop for zeroing the memory, for example.
I do not know if this is sufficient. You may need more details about what in your system is vulnerable; what instruction is targeted, in order to also add verification code

Related

What code is more CPU expensive: while(*p) or while(i--)? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
What C code is more CPU expensive:
while(*pointer){
pointer++;
}
or
while(counter > 0){
pointer++;
counter--;
}
?
*pointer nominally requires a fetch from memory, and that is generally the most expensive of the operations shown in your code.
If we assume your code is compiled directly to the obvious assembly corresponding to the operations as they are described in C’s abstract machine, with no optimization, modern CPUs for desktop computers are typically capable of executing one loop iteration per cycle, except for the memory access. That is, they can increment a pointer or counter, test its value, and branch, with a throughput of one set of those per cycle.
When these operations are used in real programs, they will usually be dwarfed by the other operations being performed. Compilers are generally so good at optimization that the method used to express the loop iteration and termination has little effect on the performance—optimization will likely produce equivalent code regardless of variations in expression for differences like incrementing a counter versus iterating a pointer to some end value. (This excludes using a pointer to fetch a value from memory for testing. That does raise complications.)
If you already happen to know the size, I'd expect it to be faster to iterate for some known number of times rather than having to test a pointer each iteration to know whether or not to loop again.

Can Endianess of system be changed using c code [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I know that endianess little or big is inherent to the system. Then, how is it possible to change using c code, as I have seen a code, which says it can change the endianess.
Endianess depends on the CPU hardware. So normally you can't do anything about it.
The code you have seen was most likely just tossing bytes around from one endianess to the other. Though some CPUs (for example some PowerPC) do have the possibility to configure endianess by writes to a hardware register.
You can't change the endianness of the system in general (there are bi-endian architectures), this would require you to change the instruction set. You can change the endianness of the data you use though. Take a look at this question to see how.

Is it a good practice to initialize a dynamically allocated structure with all 0 using memset(), if yes what are the benefits? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
In a client-server system where its possible that server may populate only some of the IE and rest has to be treated as default value (0) at client side.
For such a system, is it a good idea to do memset(.., 0, ...) of dynamically allocating memory for the received message before copying the contents of message?
There is no need to initialise memory which immediately gets overwritten after initialisation.
Also unused memory does not need to be initialised. ("unused" here means, that it will never be read.)
All other memory needs to be initialised. Whether this would be done by using memset() and writing 0s to it depends on the specific context and use-case.

How locking actually works [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I got one question a very simple one.
while implementing a simple locking mechanism using global variable.I can't find out how to prevent the access of global variable from 2 processes/thread.
My algorithm (take 2 process)
Process p1 check if variable g is set then do not modify the code.
If not set then set it then modify code.
Same for process 2 .
while executing I got fair result but is it correct.
My doubt in some architecture if 2 instructions are not atomic then how to avoid accessing the global variable at a time.
please give me some basic idea.
Use atomic methods to manipulate the global variable.
Atomic operations are 'built-in' to gcc. While they are not generally 'portable', most compilers offer atomic operations.
For GCC, you might implement something like this:
if(__sync_bool_compare_and_swap(&g, g, g+1))
/* Changed by you. */;
else
/* Another process changed it before you could. Perhaps try again. */

C protecting against heap overflow [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
Consider the following function that is supposed to validate passwords:
char *systemkey = ...... ;
int validate(char* key) {
char* k = malloc(16);
char* sk = malloc(16);
strcpy(sk,systemkey);
strcpy(k,key);
return (strncmp(k,sk,16) ==0);
}
If k and sk are allocated consecutively, that it's easy to break the function by supplying 2 identical blocks of 16 bytes each.
If I'm the one writing the compiler/malloc/free/OS, is there any way I can identify MOST of these type of hacks and prevent them?
EDIT
One possible solution is to put some sort of canary word between each two different allocations. Is there another way?
The best you can hope in use by and operating system is an implementation of malloc that randomizes the memory it returns. It doesn't prevent overflows, but makes exploiting them much harder. For large allocations a technique being used is to return the allocation aligned to the end of the page and leaving the next page explicitly unmapped as a guard page.
You can read a little bit on this page and a the links from it to see how OpenBSD implements malloc protection. As far as I'm aware this is the best you can get from a malloc in an operating system in wide use.
If I'm the one writing the compiler/malloc/free/OS, is there any way I can identify MOST of these type of hacks and prevent them?
One possibility is to use a “sound” static analyzer that, if used properly, can guarantee that your program does not access any invalid pointer for any execution. Here is one.
Another is to use dynamic instrumentation. Valgrind is an example of this approach.

Resources