Is buffer overflow/overrun possible in completely managed asp.net c# web application

c# asp.net buffer-overflow buffer-overrun
Pradeep Kumar Mishra picture Pradeep Kumar Mishra · Oct 1, 2008 · Viewed 7.9k times · Source

Can there be buffer overflow/overrun vulnerabilities in completely managed asp.net web portal.If yes how can this be tested.

Answer

Mark Bessey picture Mark Bessey · Oct 1, 2008

In the general case, you don't need to worry about buffer overruns. This is one of the major advantages of managed code, garbage collection being perhaps the other major advantage.

There are a few edge cases that you should be aware of - any time your managed code interacts with unmanaged code (Win32 API calls, COM interop, P/Invoke, etc) there is a potential for buffer overruns in the unmanaged code, based on parameters passed in from managed code.

Also code marked as "unsafe" can directly manipulate memory addresses in such a way as to cause buffer overflow. Most C# code is written without using the "unsafe" keyword, though.

Related questions

How to get the URL of the current page in C#

Can anyone help out me in getting the URL of the current working page of ASP.NET in C#?

Read More
How do you set the Content-Type header for an HttpClient request?

I'm trying to set the Content-Type header of an HttpClient object as required by an API I am calling. I tried setting the Content-Type like below: using (var httpClient = new HttpClient()) { httpClient.BaseAddress = new Uri("http://example.com/"); httpClient.DefaultRequestHeaders.…

Read More
The request was aborted: Could not create SSL/TLS secure channel

We are unable to connect to an HTTPS server using WebRequest because of this error message: The request was aborted: Could not create SSL/TLS secure channel. We know that the server doesn't have a valid HTTPS certificate with the …

Read More