A buffer overflow is a program vulnerability caused by an application writing more data to a buffer than the buffer can hold. Attackers often use buffer overflow vulnerabilities to overwrite data in memory. Because languages such as C and C++ let the programmer manipulate memory directly, they carry the risk of buffer overflow.

Many of the early buffer overflow vulnerabilities found in C and C++ programs were caused by string operations, for example through functions such as strcpy() and strcat(). In response, bounded equivalents of these functions were introduced, such as strncpy() and strncat(). These bounded functions take a parameter that limits the total amount of data written to the destination buffer.

Be careful when working with strings in unsafe programming languages. Be wary of user input, enforce length and boundary limits, and consider a secure string class library, which makes the application more secure.

The best way to prevent buffer overflow attacks is to use a programming language that enforces memory safety and type safety, for example Java or C#. A safe language needs two properties to keep a program within its allocated memory: memory safety and type safety. Memory safety means that the program does not read or write data beyond the allocated area. To ensure memory safety, the language must enforce type safety so that it can keep track of memory allocation boundaries.

Java programmers are not required to explicitly allocate and free memory; this is done automatically by the garbage collector. The garbage collector checks object references from time to time and reclaims the memory occupied by unreferenced objects. There are two ways for a piece of memory to meet the reclamation criteria:

1) The object reference is assigned null and is never used again.

2) The object reference is assigned a new value, so new memory is allocated.

Memory leaks can also occur in Java programs: the objects are reachable (still referenced) and at the same time useless (the program will never use them again). When both conditions hold, the objects are not reclaimed and keep occupying memory.

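Here's an example of a simple memory leak:

    import java.util.Vector;

    Vector<Object> v = new Vector<>();
    for (int i = 1; i < 100; i++) {
        Object o = new Object();
        v.add(o);   // v now holds a reference to the object
        o = null;   // clearing the local reference does not release it
    }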

None of the Object instances are released, because v still references them.

 

Integer Overflow

An integer overflow occurs when an integer value goes above or below the range of its type. All built-in integer types (char, short, int, long) are represented by a fixed number of bits, so the range they can represent is limited. When a value exceeds the maximum or minimum of that range, it "wraps around". For example, a very large integer becomes a negative number.

For example, the following program simulates an e-commerce site. It reads the number of items purchased from the page and assumes that each item costs 100 yuan.

    String numStr = request.getParameter("num");
    int numInt = Integer.parseInt(numStr);
    if (numInt > 0) {
        int total = numInt * 100;   // no upper bound on numInt: the product can overflow
    }

If the attacker supplies a large enough quantity, for example 42949671, multiplying it by 100 exceeds the range of a signed 32-bit integer, and the total price becomes -196.

The best way to avoid integer overflow is to verify that every integer input lies within an upper and a lower bound. Choose the bounds so that the result of any subsequent calculation cannot exceed the capacity of the variables used.
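The bounds check described above, shown next to the unchecked multiplication, as an added example that is not code from the original page. The class name OrderTotal, the MAX_QUANTITY limit and the sample inputs are assumptions made for illustration.

```java
import java.util.OptionalInt;

public class OrderTotal {
    static final int UNIT_PRICE = 100;       // price per item, as in the page's example
    static final int MAX_QUANTITY = 10_000;  // assumed business limit (hypothetical)

    // Fails at class load with ArithmeticException if the chosen bound
    // would let quantity * UNIT_PRICE leave the int range.
    static final int MAX_TOTAL = Math.multiplyExact(MAX_QUANTITY, UNIT_PRICE);

    // Unchecked multiplication, as in the page's snippet: the product silently wraps.
    static int naiveTotal(int quantity) {
        return quantity * UNIT_PRICE;
    }

    // Checked version: strict parse, then lower and upper bound, then multiply.
    static OptionalInt safeTotal(String numStr) {
        int quantity;
        try {
            // Throws for null, non-numeric text and values outside the int range.
            quantity = Integer.parseInt(numStr);
        } catch (NumberFormatException e) {
            return OptionalInt.empty();
        }
        if (quantity < 1 || quantity > MAX_QUANTITY) {
            return OptionalInt.empty();
        }
        // Cannot wrap: quantity <= MAX_QUANTITY and MAX_TOTAL was verified above.
        return OptionalInt.of(quantity * UNIT_PRICE);
    }

    public static void main(String[] args) {
        // Constructed sample inputs; null models a missing request parameter.
        String[] samples = {"3", "42949671", "-5", "99999999999", "abc", null};
        System.out.println("naive total for 42949671: " + naiveTotal(42949671));
        for (String s : samples) {
            System.out.println(s + " -> " + safeTotal(s));
        }
    }
}
```

Rejected input comes back as an empty OptionalInt, so the caller has to handle the failure explicitly instead of receiving a wrapped total.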

Java defines 4 integer types: byte (byte), short (short), integer (int) and long integer (long). All of them are signed values, positive or negative. Java does not support unsigned, positive-only integers.

| Name | Type | Length (bits) | Range |
|---|---|---|---|
| Byte | byte | 8 | -128 ~ 127 |
| Short | short | 16 | -32,768 ~ 32,767 |
| Integer | int | 32 | -2,147,483,648 ~ 2,147,483,647 |
| Long integer | long | 64 | -9,223,372,036,854,775,808 ~ 9,223,372,036,854,775,807 |
 
