Watch out for hackers! Analysis of C Language Buffer Overflow Vulnerability

The "buffer overflow" is a long-standing class of vulnerability. Although the compilers and operating systems of today can prevent this class of vulnerability to a large extent, a competent C programmer still needs to understand its principle to some degree, so today I will walk you through an analysis of it.

Principle analysis

First, let's analyze the principle of buffer overflow:

The principle of buffer overflow is very simple and can be summed up in one sentence: the program writes more data into a buffer than the buffer can hold.

To make this easier to understand, here is an example.

The three lines of code below do something very simple: they create a char array dst and then use the strcpy function to copy the string "123456789" into dst. But here is the problem: dst is only 4 bytes, yet it has to accept a string of length 9. If the copy succeeds, it will inevitably overwrite memory that it should not touch.

#include <string.h>

char dst[4];                  /* only 4 bytes of storage */
char *src = "123456789";      /* 9 characters plus the terminating NUL: 10 bytes */
strcpy(dst, src);             /* copies all 10 bytes into the 4-byte buffer */

The harm of buffer overflow

Now that the principle is clear, let me use a buffer overflow on the stack as an example to explain the concrete hazards.

In the stack layout shown in the figure below, if a 16-byte string is written into the acArrBuf array, both the saved EBP and the return address are overwritten. If an attacker overwrites the return address with carefully constructed data, then when the function returns, execution jumps to the address the attacker planted and runs the pre-arranged attack code.

How to prevent it?

To prevent buffer overflows, try to do the following two things when writing programs:

1: Use safe functions. Some common high-risk functions are listed below; avoid them as much as possible.

Function   Severity         Solution
gets       most dangerous   use fgets(buf, size, stdin)
strcpy     very dangerous   use strncpy instead
strcat     very dangerous   use strncat instead
sprintf    very dangerous   use snprintf instead, or use precision specifiers
scanf      very dangerous   use precision specifiers, or parse the input yourself
sscanf     very dangerous   use precision specifiers, or parse the input yourself
fscanf     very dangerous   use precision specifiers, or parse the input yourself
vfscanf    very dangerous   use precision specifiers, or parse the input yourself
vsprintf   very dangerous   use vsnprintf instead, or use precision specifiers
vscanf     very dangerous   use precision specifiers, or parse the input yourself
vsscanf    very dangerous   use precision specifiers, or parse the input yourself
streadd    dangerous        ensure the destination buffer allocated is four times the size of the source

2: Strictly check the input length against the buffer length.
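The two rules above in working form, as an added example that is not part of the original post: an explicit length check before copying into the post's 4-byte dst, a hand-terminated strncpy (the replacement the table recommends does not add a NUL when the source is too long), and fgets in place of gets. The function names and the constructed input line are my own.

```c
#include <stdio.h>
#include <string.h>

/* Bounded copy: returns 0 on success, -1 if src (with NUL) does not fit. */
int safe_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t n = strlen(src);
    if (n >= dst_size) {        /* no room for the terminating NUL */
        dst[0] = '\0';          /* leave dst in a defined state */
        return -1;
    }
    memcpy(dst, src, n + 1);    /* copies the NUL too */
    return 0;
}

/* strncpy caveat: no NUL is written when strlen(src) >= count, so terminate by hand. */
void strncpy_terminated(char *dst, size_t dst_size, const char *src)
{
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
}

/* fgets in place of gets: at most buf_size-1 chars, newline stripped.
 * Returns the number of characters stored, or -1 on EOF/error. */
int read_line_bounded(char *buf, size_t buf_size, FILE *in)
{
    if (fgets(buf, (int)buf_size, in) == NULL)
        return -1;
    size_t len = strcspn(buf, "\n");
    buf[len] = '\0';
    return (int)len;
}

/* Constructed input: a 9-digit line read into an 8-byte buffer. */
int demo_read_line(void)
{
    char buf[8];
    FILE *in = tmpfile();       /* temporary file standing in for stdin */
    if (in == NULL) return -1;
    fputs("123456789\n", in);
    rewind(in);
    int len = read_line_bounded(buf, sizeof buf, in); /* stores "1234567" */
    fclose(in);
    return len;                 /* 7; "89\n" is still waiting in the stream */
}
```

Note that a bounded read can leave the rest of an over-long line in the stream, so the next read picks up where the truncation happened; callers that need whole lines must detect the missing newline and drain or reject the remainder.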

Posted on 2020-04-17

https://zhuanlan.zhihu.com/p/132492974
