
SECURE PROGRAMMING 6. BUFFER OVERFLOW (STRINGS AND INTEGERS) PART 2, Chih Hung Wang. Reference: 1. B. Chess and J. West, Secure Programming with Static Analysis.


1 SECURE PROGRAMMING 6. BUFFER OVERFLOW (STRINGS AND INTEGERS) PART 2. Chih Hung Wang. References: 1. B. Chess and J. West, Secure Programming with Static Analysis, Addison-Wesley, 2007. 2. R. C. Seacord, Secure Coding in C and C++, Addison-Wesley, 2006.

2 Formatted Output (1): the sprintf problem

3 Formatted Output (2): Crashing a Program

4 Formatted Output (3): Viewing Stack Content (1)

5 Formatted Output (4): Viewing Memory Content

6 Formatted Output (5): Overwriting Memory

7 Formatted Output (6)

8 Formatted Output (4): Viewing Stack Content (2)

9 Integers (1): All built-in integral types (char, short, int, long, etc.) have a limited capacity because they are represented with a fixed number of bits. Sometimes programmers ignore this fact and think of an integral variable as being the same as an integer in mathematics (where an integer has no finite upper or lower bound).

10 Integers (2): Truncation and Sign Extension

11 Integers (3): Sign extension error

12 Integers (4): Sign Errors

13 Integers (5): Two real-world examples (slide annotations: len, off are signed int; declaring them unsigned eliminates the problem)

14 Integers (6): Truncation Errors (1) (slide annotation: unsigned long)

15 Integers (7): Truncation Errors (2)
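The three failure modes named on slides 9 to 15 (sign extension of a narrow type, a sign error in a length check, and truncation into a narrower type) are easiest to see with concrete values. The following C block is an added example written for this transcript; it is not code from the slides or from the referenced books. The buffer size, the helper names and the sample values are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Sign extension: the same byte value widens differently depending on the
   signedness of the narrow type. Converting 0xFF to signed char is
   implementation-defined in C, but on every two's-complement target it yields
   -1, so widening it to int sign-extends to -1; the unsigned path gives 255. */
int widen_signed_char(unsigned char byte) {
    signed char c = (signed char)byte;   /* -1 on two's-complement targets */
    return (int)c;                       /* sign-extended */
}

int widen_unsigned_char(unsigned char byte) {
    return (int)byte;                    /* zero-extended */
}

#define BUF_SIZE 64                      /* hypothetical buffer size */

/* Sign error: a signed length checked only against the upper bound. A negative
   len passes this test, then becomes a huge size_t once it reaches memcpy or
   malloc. */
bool len_check_buggy(int len) {
    return len <= BUF_SIZE;
}

/* Fix 1: check both bounds. */
bool len_check_fixed(int len) {
    return len >= 0 && len <= BUF_SIZE;
}

/* Fix 2: make the length unsigned, as the slide-13 annotation suggests, so
   there is no negative range at all; -1 arriving here is already UINT_MAX. */
bool len_check_unsigned(unsigned int len) {
    return len <= BUF_SIZE;
}

/* What the buggy check lets through: -1 converted to size_t is SIZE_MAX. */
size_t len_as_size(int len) {
    return (size_t)len;
}

/* Truncation: storing a wider value into a narrower type keeps only the low
   bits. 0x1FFFF becomes 0xFFFF; 0x10000 becomes 0. */
uint16_t truncate_u32_to_u16(uint32_t v) {
    return (uint16_t)v;
}

/* The check to run before any narrowing store. */
bool fits_u16(uint32_t v) {
    return v <= UINT16_MAX;
}
```

The functions are split so each can be called on its own: len_check_buggy shows the check that accepts -1, the two fixed variants show the bounds test and the unsigned-type alternative, and fits_u16 is the precondition a narrowing assignment needs.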

16 Integers (8): Nonexceptional Integer Logic Errors. table[pos] = value; is equivalent to *(table + (pos * sizeof(int))) = value; What if pos is negative?

17 Integers (9): Use of range checking to avoid the problem

18 Method to Detect and Prevent Integer Overflow (1)
Use Unsigned Types: Declare integral variables to be unsigned, especially if they are used to allocate or index memory. However, unsigned types are too valuable in preventing integer overflow to leave by the wayside.
Expect Bad Assumptions: Keep in mind that standard types such as int, char, and size_t have different definitions depending on the platform and compiler being used.
Restrict Numeric User Input: Restrict the range of numeric input that you accept. Just because a 32-bit unsigned integer can represent the number four billion doesn't mean that users should be allowed to claim they have four billion fonts in one document or four billion items in one shopping cart. Impose reasonable maximums and minimums.

19 Method to Detect and Prevent Integer Overflow (2)
Sanity-Check Values Used to Allocate and Access Memory: Ensure that values used in sensitive operations, such as memory allocation, pass basic sanity checks. Don't do any math after the final sanity check.
Respect Compiler Warnings: With the appropriate warning level set and runtime checks enabled, modern compilers can provide a great deal of assistance in tracking down potential integer overflow errors.
Understand Integer Conversion Rules: It's difficult to avoid being burned by an unexpected type conversion, but education is the best defense. The C99 standard mandates a complex set of rules governing the way type conversion should be handled.
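Slides 16 to 19 make two related points: a signed index such as pos must be range-checked before it touches table, and values that feed an allocation must pass a sanity check with no arithmetic after the final test. The C block below is an added example for this transcript, not code from the slides or the referenced books. The table size, the application maximum MAX_ITEMS and the helper names are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define TABLE_SIZE 16      /* hypothetical fixed-size lookup table */
#define MAX_ITEMS  10000   /* hypothetical application maximum (slide 18: impose reasonable maximums) */

static int table[TABLE_SIZE];

/* Access check for a signed index. A lower-bound test is mandatory because a
   negative pos addresses memory before the start of table. Casting pos to
   unsigned folds both bounds into one comparison: negatives become huge and
   fail the same test as out-of-range positives. */
bool table_store(int pos, int value) {
    if ((unsigned int)pos >= TABLE_SIZE) {
        return false;
    }
    table[pos] = value;
    return true;
}

bool table_load(int pos, int *out) {
    if ((unsigned int)pos >= TABLE_SIZE) {
        return false;
    }
    *out = table[pos];
    return true;
}

/* Allocation check. Reject counts above the application maximum, then make
   sure count * elem_size cannot wrap around before it reaches malloc. The
   product is computed only after both tests pass, and nothing else is
   computed afterwards (slide 19: no math after the final sanity check). */
void *alloc_items(size_t count, size_t elem_size) {
    if (count == 0 || count > MAX_ITEMS) {
        return NULL;
    }
    if (elem_size == 0 || count > SIZE_MAX / elem_size) {
        return NULL;                     /* count * elem_size would overflow */
    }
    return malloc(count * elem_size);
}

/* Reports whether a request would be accepted, freeing the block so the
   decision can be checked without leaking memory. */
bool alloc_request_ok(size_t count, size_t elem_size) {
    void *p = alloc_items(count, elem_size);
    if (p == NULL) {
        return false;
    }
    free(p);
    return true;
}
```

The unsigned cast in table_store is the idiom that also answers the slide-16 question: once pos is viewed as unsigned there is no negative case, only values that are either below TABLE_SIZE or not. In alloc_items the division-based test is preferred over checking the product for wraparound because it never evaluates an expression that has already overflowed.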

20 Method to Detect and Prevent Integer Overflow (3): Verify Pre- and Post-conditions for Operators That Can Overflow. Of the large number of integer operators provided in C and C++, many can contribute to integer overflow vulnerabilities.

21 Method to Detect and Prevent Integer Overflow (4): A basic check that ensures unsigned addition will not overflow

22 Method to Detect and Prevent Integer Overflow (4): A more complex check that ensures signed addition will not overflow.
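Slides 21 and 22 describe the precondition checks for unsigned and signed addition without showing them in the transcript. The C block below is an added example written for this page, not the slide's own code; the function names are assumptions. The unsigned check works because unsigned arithmetic wraps, so the question is simply whether b exceeds the headroom left above a. The signed check cannot look at a + b at all, since signed overflow is undefined behaviour in C, so it tests the headroom in each direction before computing the sum.

```c
#include <limits.h>
#include <stdbool.h>

/* Unsigned addition precondition: a + b fits iff b <= UINT_MAX - a. The
   subtraction on the right never underflows because a <= UINT_MAX. */
bool uadd_ok(unsigned int a, unsigned int b, unsigned int *sum) {
    if (b > UINT_MAX - a) {
        return false;                    /* a + b would wrap around */
    }
    *sum = a + b;                        /* computed only after the check */
    return true;
}

/* Signed addition precondition: overflow is possible upward when b > 0 and
   downward when b < 0, so each case is tested against the matching limit.
   INT_MAX - b and INT_MIN - b are themselves in range for the sign of b
   being tested, so neither subtraction can overflow. */
bool sadd_ok(int a, int b, int *sum) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b)) {
        return false;                    /* a + b would leave [INT_MIN, INT_MAX] */
    }
    *sum = a + b;
    return true;
}

/* Post-condition view of the unsigned case: after a wrapping add, the result
   is smaller than either operand. Usable only for unsigned types, where the
   wrapped value is well defined. */
bool uadd_wrapped(unsigned int a, unsigned int b) {
    unsigned int s = a + b;
    return s < a;
}
```

Both checked functions return the sum through an out-parameter only on success, so a caller cannot pick up a half-valid result; that is the "no math after the final check" discipline from slide 19 applied to a single operator. uadd_wrapped shows the post-condition form mentioned on slide 20, which is legitimate for unsigned operands but must never be used to detect signed overflow after the fact.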

