-3

I have read in many places that a string buffer overrun can create problems like adding malicious code, or can be easily hacked. But the string resides in the BSS part, so how can it affect the code section?

Secondly, even if a string is not overrunning, it can still be seen via hex editors, so can't they be equally dangerous?

Thanks.

4

1 Answer

3

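Buffer overflow may happen on stack-allocated strings (e.g. unchecked calls to strcat on a local char buf[12] array). This is why sprintf is not recommended, and you should always use snprintf.

It can be exploited by malicious code and malware, e.g. shellcode.

Don't try to write such malicious code: a teenager went to jail in the last century for hacking and exploiting sendmail.

By the way, a buffer overflow inside the heap also causes a lot of trouble by corrupting unrelated data.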

answered 2013-08-31T16:47:06.317
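The unchecked strcat on a local char buf[12] that the answer mentions, next to bounded forms built on snprintf, as an added example that is not part of the original answer. The function names greet_unsafe, greet_bounded and append_bounded are hypothetical, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SZ 12  /* same size as the char buf[12] in the answer */

/* Unsafe pattern: "Hello " uses 6 bytes, so any name longer than
 * 5 bytes makes strcat write past buf on the stack.
 * Shown for comparison only; never called below. */
void greet_unsafe(const char *name)
{
    char buf[BUF_SZ] = "Hello ";
    strcat(buf, name);               /* unchecked length */
    puts(buf);
}

/* snprintf writes at most dstsz bytes (terminating NUL included)
 * and returns the length it would have needed, so truncation can
 * be detected. Returns 0 on success, -1 if the output did not fit. */
int greet_bounded(char *dst, size_t dstsz, const char *name)
{
    int need = snprintf(dst, dstsz, "Hello %s", name);
    if (need < 0 || (size_t)need >= dstsz)
        return -1;                   /* error or truncated output */
    return 0;
}

/* Bounded replacement for strcat: append only if the result fits. */
int append_bounded(char *dst, size_t dstsz, const char *src)
{
    const char *end = memchr(dst, '\0', dstsz);
    if (end == NULL)
        return -1;                   /* dst is not NUL-terminated */
    size_t used = (size_t)(end - dst);
    size_t add = strlen(src);
    if (add >= dstsz - used)
        return -1;                   /* no room for src plus NUL */
    memcpy(dst + used, src, add + 1);
    return 0;
}

int main(void)
{
    char buf[BUF_SZ];
    /* constructed inputs: one that fits, one that does not */
    printf("%d\n", greet_bounded(buf, sizeof buf, "Bob"));
    printf("%d\n", greet_bounded(buf, sizeof buf, "a-very-long-name"));
    return 0;
}
```

Treat a -1 return as an error to handle, not as a truncated string to keep using.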