Published on Dec 1, 2012
by Meredith L. Patterson and Sergey Bratus
Any code that transforms data has to make some assumptions about what it receives; it's up to some other code to recognize whether the data is what it expects. The sole purpose of this recognizer is to protect the subsequent, innocent code from being lured into memory corruption or from otherwise aiding and abetting pwnage. Sadly, a lot of actual input-handling code is a mixture of data processing and recognition, scattered throughout a codebase. Its "sanity checking" is neither strong enough to verify all the implicit assumptions, nor written with these assumptions in mind. We call such input-handling code "shotgun parsers" and argue that it is the number one reason for the ubiquitous insecurity of programs facing the internet. In this talk, we will discuss examples of shotgun parsers across the layers of a TCP/IP stack (and well-attested exploits for them, drawn from the pages of Phrack) and show how to rein them in with a principled approach to building recognizers. From digital radio physical-layer frames to SQL injection, shotgun parsers sow destruction and must be eliminated if we are to trust how programs process input. Our previous talks (see langsec.org) concentrated on theory; in this talk, we take the practical software-engineering view. We'll demonstrate how to apply our axiom of "full recognition before processing" in practice, using the Hammer parsing library (https://github.com/UpstandingHackers/...) to implement protocol message formats and the Ragel state machine compiler (http://www.complang.org/ragel/) to implement protocol internals.
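The contrast the abstract draws, a shotgun parser versus a recognizer that accepts or rejects the whole message before any processing touches it, as an added C example that is not from the talk and uses neither Hammer nor Ragel. The message format (magic byte, record count, then type/length/value records) and the sample messages are constructed for this example; the error codes, the MAX_VALUE bound and all function names are assumptions of the example, not anything from the speakers' material.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed message format (example only):
 *   magic (1 byte, 0x4C) | count (1 byte) | count records
 *   record: type (1 byte) | len (1 byte) | value (len bytes)
 * A byte string is a valid message only if it is exactly one such message. */
#define MSG_MAGIC 0x4C
#define MAX_VALUE 16   /* assumed bound on a record's value length */

/* Full recognizer: decides whether buf[0..n) is in the language and has no
 * other effect. Returns 0 on acceptance, else a negative code naming the
 * first violation found. Every assumption process_unchecked() relies on
 * is checked here, and nowhere else. */
int recognize(const uint8_t *buf, size_t n) {
    if (n < 2 || buf[0] != MSG_MAGIC) return -1;   /* no header */
    uint8_t count = buf[1];
    size_t pos = 2;
    for (uint8_t i = 0; i < count; i++) {
        if (n - pos < 2) return -2;                 /* record header truncated */
        uint8_t len = buf[pos + 1];
        if (len > MAX_VALUE) return -3;             /* value longer than the bound */
        if (n - pos - 2 < len) return -4;           /* value truncated */
        pos += 2 + (size_t)len;
    }
    if (pos != n) return -5;                        /* trailing bytes: not a message */
    return 0;
}

/* Processing that trusts its input. It is only ever called on a recognized
 * message, so it carries no checks and cannot be lured off the buffer:
 * len <= MAX_VALUE and every value lies inside buf are guaranteed. */
static unsigned process_unchecked(const uint8_t *buf) {
    uint8_t count = buf[1];
    size_t pos = 2;
    unsigned total = 0;
    for (uint8_t i = 0; i < count; i++) {
        uint8_t len = buf[pos + 1];
        uint8_t value[MAX_VALUE];
        memcpy(value, buf + pos + 2, len);          /* safe: recognize() bounded len */
        for (uint8_t j = 0; j < len; j++) total += value[j];
        pos += 2 + (size_t)len;
    }
    return total;
}

/* "Full recognition before processing": the whole message is rejected, or
 * all of it is processed. Returns the sum of all value bytes, or the
 * negative recognize() code with nothing processed. */
long sum_values(const uint8_t *buf, size_t n) {
    int rc = recognize(buf, n);
    if (rc != 0) return rc;
    return (long)process_unchecked(buf);
}

/* Shotgun parser: checks and processing interleaved, record by record.
 * It reads only what it has just checked, so it does not overflow here,
 * but it has already acted on earlier records (accumulated into *out)
 * by the time it discovers the message is malformed, and it never checks
 * that the message ends where it should, so trailing garbage is accepted. */
int shotgun_sum_values(const uint8_t *buf, size_t n, unsigned *out) {
    *out = 0;
    if (n < 2 || buf[0] != MSG_MAGIC) return -1;
    uint8_t count = buf[1];
    size_t pos = 2;
    for (uint8_t i = 0; i < count; i++) {
        if (n - pos < 2) return -2;
        uint8_t len = buf[pos + 1];
        if (len > MAX_VALUE || n - pos - 2 < len) return -3;
        for (uint8_t j = 0; j < len; j++) *out += buf[pos + 2 + j];  /* side effect before full check */
        pos += 2 + (size_t)len;
    }
    return 0;
}

/* Partial result the shotgun parser leaves behind, whatever its verdict. */
unsigned shotgun_partial_sum(const uint8_t *buf, size_t n) {
    unsigned out = 0;
    (void)shotgun_sum_values(buf, n, &out);
    return out;
}

/* Constructed sample inputs (not captured traffic). */
const uint8_t SAMPLE_GOOD[]      = {0x4C, 2, 0x01, 3, 10, 20, 30, 0x02, 1, 5};
const uint8_t SAMPLE_TRUNCATED[] = {0x4C, 2, 0x01, 3, 10, 20, 30, 0x02, 1};      /* last value missing */
const uint8_t SAMPLE_TRAILING[]  = {0x4C, 1, 0x01, 1, 9, 0xFF};                  /* one garbage byte after the message */

int main(void) {
    printf("good:      recognizer %ld, shotgun partial %u\n",
           sum_values(SAMPLE_GOOD, sizeof SAMPLE_GOOD), shotgun_partial_sum(SAMPLE_GOOD, sizeof SAMPLE_GOOD));
    printf("truncated: recognizer %ld, shotgun partial %u\n",
           sum_values(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED), shotgun_partial_sum(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    printf("trailing:  recognizer %ld, shotgun partial %u\n",
           sum_values(SAMPLE_TRAILING, sizeof SAMPLE_TRAILING), shotgun_partial_sum(SAMPLE_TRAILING, sizeof SAMPLE_TRAILING));
    return 0;
}
```

The point of the split is that `process_unchecked()` contains no sanity checks at all, and that is what makes it safe to audit: the only place an implicit assumption (the `MAX_VALUE` bound behind the `memcpy`, the record count, the message ending exactly at `n`) can be wrong is `recognize()`, which is a single, side-effect-free function that can be compared against the format definition line by line. The shotgun version embodies the two failure modes the abstract names: its checks are written from the perspective of the current copy rather than of the whole input, so it accepts the trailing-garbage message, and it has already produced output from a message it later rejects.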