Updated 2025-04-05. From: SLTechnology News&Howtos
Shulou (Shulou.com), 05/31
Today, I will talk to you about what buffer underflow in C/C++ programs refers to. Many people may not know much about it, so the editor has summarized the following content to help you understand it better. I hope you get something out of this article.
1. Buffer underflow
Buffer overflows were analyzed in the previous topic (see issue 7); this article describes another case of buffer overflow: buffer underflow. The causes of buffer overflows described in that topic also apply to buffer underflows, so I won't repeat them here. Put simply, a buffer underflow occurs when the data being written overflows and the overflowing part overwrites the lower-level buffer. This article covers the harm caused by buffer underflow, how it appears in source code, and how to fix it.
2. Harm of buffer underflow
Buffer underflow is a very serious type of vulnerability in C/C++ programs, which can lead to program crashes, execution of malicious code, and so on. From January to October 2018, there were 494 related vulnerability entries in CVE. Some of the vulnerabilities are as follows:

CVE: Overview of the vulnerability

CVE-2018-1000001: The libc realpath buffer underflow vulnerability occurs because the GNU C library does not properly handle the relative path returned by the getcwd() system call, which is likely to affect other libraries as well. On affected systems, root privileges can be obtained through a SUID binary.

CVE-2018-1000637: zutils is a package of utilities for processing compressed files. It supports compression/decompression, comparison of compressed files, integrity checking of compressed files, and other functions. zcat is one of its decompression utilities. A buffer overflow vulnerability exists in zcat in versions of zutils before 1.8-pre2. An attacker can exploit this vulnerability to cause a denial of service or execute arbitrary code with a specially crafted compressed file.

CVE-2018-5388: There is a buffer underflow vulnerability in strongSwan prior to 5.6.3, which can be exploited by an attacker to exhaust resources and cause a denial of service.

3. Sample code
The example is derived from the Samate Juliet Test Suite for C/C++ v1.3 (https://samate.nist.gov/SARD/testsuite.php), source file name: CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_01.c.
3.1 Defect code
In the above sample code, the pointer data is assigned on line 36, and the assignment shows that data points to dataBadBuffer. When line 41 uses strcpy() to copy memory, the source buffer is longer than the destination buffer, so the copy overflows and exceeds the lower boundary of dataBadBuffer, resulting in a buffer underflow.
Scanning the above sample code with 360 Code Guardian detects a "buffer underflow" defect, displayed with a level of high, as shown in figure 1:
Figure 1: buffer underflow detection example
3.2 Fixed code
In the above fixed code, Samate gives the following repair: the pointer data is assigned on line 37 and points to dataGoodBuffer, so the length of data is the same as that of source. When line 42 uses strcpy() for the copy, the source buffer is the same length as the destination buffer, which avoids the buffer underflow. The problem can also be avoided by other methods, such as boundary checking.
Scanning the repaired code with 360 Code Guardian shows that the "buffer underflow" defect is no longer reported, as shown in figure 2:
Figure 2: test results after repair
4. How to avoid buffer underflow
To avoid buffer underflow, you need to be aware of the following:
(1) Avoid using unsafe memory operation functions as far as possible.
(2) For memory operation functions whose return value clearly indicates the result, check the return value to determine whether the operation succeeded.
(3) Boundary checking must be performed when filling data into the buffer.
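The boundary check mentioned in section 3.2 and in items (2) and (3) above, as an added example that is not from the original article or from the Juliet test suite: `checked_copy` is a hypothetical helper, and the buffer sizes (10 and 10 + 1 bytes) and the source string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: 10 characters + NUL terminator = 11 bytes. */
#define SRC_STRING "AAAAAAAAAA"

/* Hypothetical helper: copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 if the copy would cross the buffer boundary. */
int checked_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t need = strlen(src) + 1;      /* bytes strcpy() would write */
    if (need > dst_size) {
        dst[0] = '\0';                  /* leave dst as a valid empty string */
        return -1;
    }
    memcpy(dst, src, need);
    return 0;
}

/* Defect shape: the destination is shorter than the source.
 * The check rejects the copy instead of writing past the buffer. */
int copy_into_short_buffer(void)
{
    char dataBadBuffer[10];             /* assumed size, for illustration */
    return checked_copy(dataBadBuffer, sizeof dataBadBuffer, SRC_STRING);
}

/* Fixed shape: the destination has the same length as the source. */
int copy_into_sized_buffer(char *out, size_t out_size)
{
    char dataGoodBuffer[10 + 1];        /* assumed size, for illustration */
    if (checked_copy(dataGoodBuffer, sizeof dataGoodBuffer, SRC_STRING) != 0)
        return -1;
    return checked_copy(out, out_size, dataGoodBuffer);
}

int main(void)
{
    char out[16];
    printf("short buffer: %d\n", copy_into_short_buffer());
    printf("sized buffer: %d (%s)\n", copy_into_sized_buffer(out, sizeof out), out);
    return 0;
}
```

The caller has to act on the return value: a rejected copy leaves the destination as an empty string rather than a truncated one.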
After reading the above, do you have a better understanding of what buffer underflow in C/C++ programs refers to? If you want to know more knowledge or related content, please follow the industry information channel. Thank you for your support.