{"id":22863,"date":"2008-04-04T07:00:00","date_gmt":"2008-04-04T14:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2008\/04\/04\/status_buffer_overflow-really-should-be-named-status_buffer_overflow_prevented\/"},"modified":"2022-11-30T13:59:00","modified_gmt":"2022-11-30T21:59:00","slug":"20080404-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20080404-00\/?p=22863","title":{"rendered":"STATUS_BUFFER_OVERFLOW really should be named STATUS_BUFFER_OVERFLOW_PREVENTED"},"content":{"rendered":"

One category of dubious security vulnerability that comes into the security response team is people who recently discovered the STATUS_BUFFER_OVERFLOW<\/code> status code.<\/p>\n

\n

Title<\/b>: Buffer overflow occurs in scenario\u00a0X<\/p>\n

Description<\/b>: Run a file monitoring tool and perform scenario\u00a0X. In the log, you will see entries that have the error STATUS_BUFFER_OVERFLOW<\/code>. This is an easily reproducible buffer overflow bug.<\/p>\n<\/blockquote>\n

If only the system were so smart that it could detect buffer overflows in this way. But what you’re seeing is not actual a buffer overflow. The status code STATUS_BUFFER_OVERFLOW<\/code> does not mean that a buffer overflow has occurred; rather, it means that the buffer passed by the application was too small to hold all the requested data. Its name should really be STATUS_BUFFER_OVERFLOW_PREVENTED<\/code> or STATUS_INSUFFICIENT_BUFFER<\/code>. Indeed, the corresponding Win32 error code has the less misleading name ERROR_INSUFFICIENT_BUFFER<\/code>.<\/p>\n

Every wannabe security investigator sees this error code in a monitoring tool and says “Jackpot!” And then they send a report to the security response team and brag about it to their friends. “Dude, I found two dozen buffer overflows in just a few minutes. I am so 31337<\/a>!”<\/p>\n","protected":false},"excerpt":{"rendered":"

Because it’s saying that the buffer would have overflowed, not that it did.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[26],"class_list":["post-22863","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-other"],"acf":[],"blog_post_summary":"

Because it’s saying that the buffer would have overflowed, not that it did.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/22863","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=22863"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/22863\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=22863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=22863"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=22863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}