Shulou(Shulou.com)05/31 Report--

C language memory allocation function is contaminated example analysis, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can get something.

1. Contaminated memory allocation

The memory allocation functions of C language include malloc (), kmalloc, smalloc (), xmalloc (), realloc (), calloc (), GlobalAlloc (), HeapAlloc () and so on. Taking malloc () as an example, the prototype of the malloc () function is:

Extern void*malloc (unsignedintnum_bytes)

The malloc () function allocates num_bytes bytes of memory and returns a pointer to that memory. When the integer of the memory allocation length comes from an untrusted source that may be contaminated, if the external input data is not effectively judged, it will lead to a very large memory allocation. Untrusted sources that may be contaminated include command line parameters, configuration files, network communications, databases, environment variables, registry values, and other inputs from outside the application.

2. Harm of contaminated memory allocation

Directly use the contaminated data as the length parameter of the memory allocation function, such as passing in a large integer value, the program will allocate a large piece of memory accordingly, resulting in a great memory overhead of the system, and even a denial of service attack.

There is also some vulnerability information related to it in CVE, and there are four related vulnerability information in CVE from January 2018 to March 2019. The vulnerability information is as follows:

CVE Overview CVE-2018-there is a security vulnerability in the'_ _ zzip_parse_root_directory' function of the zzip/zip.c file in version 0.13.68 of 6869ZZIPlib. Remote attackers can use specially crafted zip files to exploit this vulnerability to cause a denial of service (uncontrollable memory allocation and crash). A security vulnerability exists in the 'PoDoFo::PdfVecObjects::Reserve' function of the base/PdfVecObjects.h file in version 0.9.5 of CVE-2018-5783PoDoFo. Remote attackers can use specially crafted pdf files to exploit this vulnerability to cause a denial of service (uncontrolled memory allocation). A security vulnerability exists in the 'PdfParser::ReadXRefSubsection' function of the base/PdfParser.cpp file in version 0.9.5 of CVE-2018-5296PoDoFo due to the program's failure to control the allocation of memory. Remote attackers can exploit this vulnerability to cause a denial of service via a specially crafted pdf file.

3. Sample code

The example used in this section refers to CWE-789: Uncontrolled Memory Allocation (the code example provided by http://cwe.mitre.org/data/definitions/789.html), and defines the GetUntrustedInt () function in the example.

3.1 defect code

In the above sample code, in line 9, the malloc () function is used to allocate memory with a length of totBytes bytes. By tracking the path, you can see that totBytes passes size*sizeof (char) on line 6. The result of the calculation is assigned, and the value of size is the user keyboard input obtained by line 7 using the scanf () function, which is the contaminated data source, resulting in the pollution of the memory allocation length totBytes and the problem of "contaminated memory allocation".

Using 360 Code Guardian to detect the above sample code, you can detect "contaminated memory allocation" defects, the display level is high. As shown in figure 1:

Figure 1: detection example of contaminated memory allocation

3.2 fix the code

In the above repair code, although the source of the totBytes is contaminated data, the length of the totBytes is effectively limited in line 10, thus avoiding the contaminated memory allocation.

Using the 360 Code Guardian to detect the repaired code, you can see that there is no "contaminated memory allocation" defect. Figure 2:

Figure 2: test results after repair

4. How to avoid contaminated memory allocation

(1) avoid using the contaminated data directly as the length parameter of the memory allocation function, and if it cannot be avoided, the contaminated data should be effectively limited.

(2) this kind of problem can be found effectively by using source code static analysis tool.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.