Buffer overflow principles in plain language (draft) - vulnerability warning - the black bar safety net

2005-11-13T00:00:00
ID MYHACK58:6220054480
Type myhack58
Reporter Anonymous (佚名)
Modified 2005-11-13T00:00:00

Description

First of all, what is described here is only a plain-language explanation. I am just setting out some ideas, and I do so with some trepidation. There is nothing here that cannot be understood; as long as you persist to the end of this article, you will have a preliminary understanding of the concept of a buffer overflow.

To talk about buffer overflows, you naturally have to start from the "buffer". So, what is a buffer? People who have learned C should know that when a program is about to run, it checks which variables the program will use and "marks off" (or "registers", which is perhaps the better word) a segment of memory for each of them, to hold that variable's data. The size of the memory region marked off is the same as the variable's length in the program code. For example, if a variable is defined as 8 characters, then the memory assigned to it is also 8.

As for what a variable is, consider the following example (it may not be very precise). Suppose you want to calculate the area of a rectangle, using the mathematical formula length * width = area. If a rectangle has a length of 20 and a width of 10, the program might look like this (no compiler I try will compile the program below; take it as a sketch):

Line 1 l=20
Line 2 h=10
Line 3 s=l*h

Now let us interpret this "program". In line 1, "l" stands for the rectangle's length and is given the value 20. In line 2, "h" stands for the rectangle's width and is given the value 10. In line 3, "s" stands for the rectangle's area and is given the value "l*h"; in plain language, "l" multiplied by "h" gives the area, which is exactly the mathematical formula applied.

A problem also appears: the above program obviously has many shortcomings, because it can only calculate the area of one rectangle. There are so many rectangles in the world; how are they to be calculated?! Write a separate program for every rectangle?
However, things always seem to have a way out, and this is where variables come in. With variables, we can input data to the program (through the keyboard); after the program accepts it, it calculates the corresponding rectangle. The program might look like this:

Line 1 +------ enter "length"
Line 2 | enter "width" ---------------------+
Line 3 +------ length variable |
Line 4 width variable ---------------------+
Line 5 with enough information gathered, perform s=l*h

Has everything been resolved now? No. After the review above we have a preliminary grasp of some program knowledge; now we come to the concept of buffer overflow. Once again we have to bring up variables. In the second paragraph above we said: "When the program is about to run, it checks which variables the program will use and 'marks off' (or 'registers', which is perhaps the better word) a segment of memory for each of them, to hold that variable's data. The size of the memory region marked off is the same as the variable's length in the program code. For example, if a variable is defined as 8 characters, then the memory assigned to it is also 8."

Look at this part of it: "The size of the memory region marked off is the same as the variable's length in the program code. For example, if a variable is defined as 8 characters, then the memory assigned to it is also 8." The question arises: why define a length for a variable at all? My understanding is this: space has to be allocated in memory to give the variable somewhere to store its data. If the length of the variable's data (or, to be careful, its "maximum length") is not defined first, then how much space is the computer supposed to assign it? 1K? 1M? 1G? So, clearly, defining a length is necessary!

What is a buffer overflow, and what harm does it do? You should be familiar with the "Shockwave" worm; it makes use of the MS04-011 vulnerability, and it is a buffer overflow exploit. As for the harm, you can look at the previous post, or have you had the "privilege" of experiencing it?
The following content is perhaps very general, but it is how I understand it. Another example: suppose we want to write the following program. When run, it automatically reads the contents of 1.txt in the same directory and writes them into variable A. The code is as follows (note: text after "//" is a comment):

Line 1 variable A[10]      // set up a variable A, length 10
Line 2 read the contents of 1.txt in the program's directory
Line 3 write what was read into variable A
-=Program finished=-

This looks like a perfectly logical program, but the problem has just appeared. If 1.txt is as follows:

123456789

then no problem occurs. If 1.txt is as follows:

123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789

what happens? Let us analyze. The program gets through line 2, but when it executes line 3 it produces an overflow! The problem is in "line 1" of the program, because it defined a variable of length 10, while the content of 1.txt is far more than 10; in other words, that segment of memory is being stretched past its limit. Memory that is filled beyond what it can hold overflows, like a cup of water that is already full and keeps being poured into: the table is bound to suffer (I think this metaphor explains the second word of "overflow" rather well).

Reader of this article, do you understand? (I also ask the experts for plenty of guidance and help, little brother!)
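The three-line sketch above, written out as real C, is an added example and not code from the original article. `would_overflow` is the length check that the sketch's line 3 never performs, `read_into_a` is a hardened "write it into A" that refuses input that does not fit, and `unsafe_read_into_a` shows how line 3 is typically written when the check is forgotten (it is never called). The two versions of 1.txt are constructed inline instead of being read from disk, and all names are my own.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Capacity of variable A from the article's sketch ("A[10]"). */
#define A_CAPACITY 10

/* Constructed stand-ins for the two versions of 1.txt in the article:
 * 9 digits (fits in A[10] with its terminating NUL) and far more than 10. */
static const char SHORT_TXT[] = "123456789";
static const char LONG_TXT[]  = "123456789123456789123456789123456789123456789";

/* The check the sketch's line 3 lacks: returns 1 if storing `content`
 * (plus its terminating NUL) in a buffer of `capacity` bytes would write
 * past the end of that buffer, 0 if it fits. */
int would_overflow(const char *content, size_t capacity)
{
    return strlen(content) + 1 > capacity;
}

/* Line 3 as it is usually written when the check is forgotten: strcpy
 * copies until it finds the NUL in `content`, however long that is, so
 * LONG_TXT would run 36 bytes past the end of A[10]. Shown for contrast
 * only; nothing in this file calls it. */
void unsafe_read_into_a(const char *content, char *A)
{
    strcpy(A, content);
}

/* Hardened line 3: stores `content` in A only if it fits, NUL included.
 * Returns the number of bytes stored, or -1 if the input was rejected.
 * Rejecting rather than silently truncating keeps the caller aware that
 * the file was larger than the variable was declared to hold. */
int read_into_a(const char *content, char *A, size_t capacity)
{
    size_t len = strlen(content);
    if (capacity == 0)
        return -1;
    if (len + 1 > capacity) {
        A[0] = '\0';            /* leave A in a defined, empty state */
        return -1;
    }
    memcpy(A, content, len + 1);  /* copy the digits and the NUL */
    return (int)len;
}

int main(void)
{
    char A[A_CAPACITY];
    printf("short 1.txt overflows A[10]? %d\n", would_overflow(SHORT_TXT, A_CAPACITY));
    printf("long  1.txt overflows A[10]? %d\n", would_overflow(LONG_TXT, A_CAPACITY));
    printf("read short -> %d (A = \"%s\")\n", read_into_a(SHORT_TXT, A, A_CAPACITY), A);
    printf("read long  -> %d (A = \"%s\")\n", read_into_a(LONG_TXT, A, A_CAPACITY), A);
    return 0;
}
```

The `+ 1` in both functions is the detail that usually gets missed: a C string needs one byte beyond its visible characters for the terminator, so exactly 10 digits already overflow `A[10]`, not just the 144-digit file.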