Questions tagged [buffer-overrun]


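0 votes
1 answer
614 views

c - Attempting a buffer overflow

I recently took a security course in which we briefly covered buffer overflows. I wasn't satisfied with what we covered, so I looked for some examples to follow along with and try myself, and found Buffer Overflow Attack.

I like this example because it is easy to follow and to understand why everything works. I tried to follow along, but in a Debian virtual machine instead of Windows.

Here is the C code from that site:

The code "cheats" by giving the addresses of the two functions foo and bar. The end goal is to get bar to run using only a buffer overflow. To do this, they provide a short Perl script:

Since I am using Linux rather than Windows, and since the address of my bar function is slightly different, I made a couple of simple fixes:

I think it should work the same way as their example; the Perl script runs and feeds the filler text to the program, followed by the new return address to run bar. But it doesn't work for me.

Here is the output of running my Perl script:

In my output, the only address that seems to contain any of the filler text is the third-from-last address, the one just before the return address.

I suspect the problem lies in compiling my program with gcc, but I'm not sure what exactly is causing it. The problem could also be Debian. Here is how I compiled the program:

I was hoping that compiling without the stack protector would let me follow the example without any problems.

Any help would be great; I'm completely stuck. Realistically I could simply switch to Windows, but at this point I really want to know why it doesn't work and how to fix it.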

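0 votes
0 answers
140 views

c - How to use a buffer overflow to execute shellcode?

I am learning how buffer overflows work and have tried some basic buffer overflow cases, but I get an error when changing the return address. The return address is correct, and the opcodes in that memory are also correct, but my problem is that rip (the instruction pointer) does not move to that address.

My simple program code:

First I searched for the address of my "str" in gdb and found it at 0x7fffffffe0d0; the return address is located at 0x7fffffffe1d8, so I have 264 of available space to put the NOPs and shellcode. But after I compile it, gcc still gives me a segmentation fault, and when I debug it, gdb tells me 0x00007fffffffe110 in ?? (). The return address is the same as the one I wrote in my syntax, the one I want to move to, because that memory still contains NOPs, and I insist the instruction pointer will point to the shellcode. Can someone help me solve my problem?

My syntax in gdb:

Thanks!!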

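0 votes
1 answer
938 views

c - Should the hostname array be declared as MAXHOSTNAMELEN+1 for gethostname?

I am fixing a call to gethostname(); the old code declared the hostName array as 10 characters, causing a bounds error because the hostname is larger than that. My fix was to declare hostName using MAXHOSTNAMELEN (which my platform's parm.h declares as 64). Another programmer now says the array needs to be declared as hostName[MAXHOSTNAMELEN+1] and cleared, because (from his email):

This is from the man page: POSIX.1-2001 guarantees that "Host names (not including the terminating null byte) are limited to HOST_NAME_MAX bytes"

So, to handle all cases, you must add one to the buffer size and initialize the buffer with null characters.

Now, every example I have seen online does a char hostName[MAXHOSTNAMELEN], and since the call either works or doesn't, zeroing the array or initializing it to null makes no sense to me, because if it works the array is set to the host name, and if not the call returns an error.

What is the reliable way to declare or initialize the argument to gethostname()?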

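0 votes
1 answer
527 views

c++ - CODESONAR buffer overrun comment on stl::map iterator usage

Please see the code snippet above. I am running CODESONAR (a static analysis tool) on it. My problem is that on the last line (pstInfo = itrReqInfo->second;), CODESONAR shows the following error:

This code reads past the end of the buffer pointed to by itrReqInfo->.

- itrReqInfo-> evaluates to &wstrFirst._Bx.

- The first byte read is at offset 48 from the beginning of the buffer pointed to by itrReqInfo->, whose capacity is 48 bytes.

- The offset exceeds the capacity.

- The overrun occurs in stack memory. The issue can occur if the highlighted code executes.

(The highlighted code here means pstInfo = itrReqInfo->second;)

Is it a false positive? If not, how do I fix it?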

0 votes
1 answer
159 views

heap-memory - Heap overflow attack, what is wrong with this code

Is this code subject to a heap overflow attack?

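0 votes
1 answer
185 views

c - Run-Time Check Failure #2 - Stack around the variable 'obj' was corrupted

When I run the following code, I get the error Run-Time Check Failure #2 - Stack around the variable 'obj' was corrupted. I know it fails because overwriting the bounds of 'obj' corrupts the stack. So how do I prevent the buffer overflow here?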

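0 votes
3 answers
191 views

c++ - Shuffling elements of an array: stack-based buffer overrun error

My given code is the problem part of the original program. It randomly swaps two elements of myArray N times, over T loops. The program does what it is supposed to do, but after hitting "return 0" it shows the error message "program.exe has stopped working". The debug output shows

Why does the program show an error after finishing its work? How can I fix this?

Edit: I have to generate random integers from 0 to (N-1). Accessing the Nth position in myArray causes the problem.

But neither of the following two methods generates random integers uniformly.

nor

There is a nice video about the problems with this approach. As Mic and Bob__ pointed out, there is also an overflow problem with (N-1)*rand().

This modulo approach is also very inefficient for large ranges of random integers (see this article for details). So my best chance of generating uniform random numbers is the following method (borrowed from the article).

Also, for shuffling array elements, it is best to use the random_shuffle function or a Fisher–Yates shuffle for best performance.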

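0 votes
1 answer
116 views

c++ - Buffer overrun - can't seem to find the problem

I am trying to find the problem in this simple example code that produces a "buffer overrun warning"; after looking at it for a while I decided to post this question in the hope that someone might see the error in my code?

Message: Warning C6386 Buffer overrun while writing to 'tmpArray': the writable size is 'line.public: unsigned int __thiscall std::basic_string,class std::allocator >::length(void) const ()*12*4' bytes, but '52' bytes might be written.

Example that produces the warning:

I can't see where I am stepping into memory that doesn't belong to tmpArray; I mean, the buffer is allocated exactly according to the same values as the string length and the step size.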

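0 votes
1 answer
89 views

c++ - Buffer overrun occurs in SystemTimeToVariantTime

Here is my code. It converts a wstring containing a date and time to the DATE type. However, when I run this part of the code, it always throws an exception saying "buffer overrun" when the debugger leaves this function's scope. I also tried changing it to void ConvertDateIntoSystemFormat(std::wstring dateModified, DATE* date) and allocating memory for date when passing it to this function, or using LPSYSTEMTIME instead of SYSTEMTIME, or DATE ConvertDateIntoSystemFormat(std::wstring dateModified) with DATE date declared inside the function, but none of them worked; the buffer overrun problem still happens. How can I solve this?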


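0 votes
1 answer
994 views

streamsets - Streamsets gives this error when trying to parse valid JSON

I am setting up StreamSets for a project. Its origin is a Kafka consumer. It works fine for smaller messages, but when the message size is large it throws this error.

I have already set Max Object Length (chars) to 1000000 and the parser.limit property to 10335040. I can't figure out the problem.

N/A

The full stack trace is

This JSON fails:-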


This JSON succeeds:-
