堆溢出的危险呢？ [英] dangers of heap overflows?

问题描述

我有一个堆溢出问题。

我明白，如果一个堆栈变量溢出它的缓冲区，它可以覆盖EIP和ESP值，例如，使程序跳转到那里的codeR没想到跳的地方。结果结果
这样看起来，我的理解，以这样的表现，因为落后的小端存储（其中一个数组F.E.的字符存储倒退，从去年到第1号）。搜索结果
如果您在另一方面把这个数组放入堆中，生长禁忌堆栈，你会溢出，它只会写随机垃圾倒入空的内存空间呢？结果（除非你在哪里在Solaris它远因为我知道有一个大端系统，侧面说明）结果
请问这是basicly的危险，因为它只是写到空？结果
因此，没有针对跳跃到不会忽略和地区的code不是为？结果
我会收到这个错误？_爱
要指定我的问题：结果
我写这封信，用户是指通过命令行执行时，它传递一个字符串参数和标志一个程序，我想知道，如果用户能够使用与此字符串参数黑客攻击时，它被放在堆的malloc函数。结果

天哪，我希望这个问题不是newbish：/ PLS试图解释简单的结果。

感谢每一个的answere，看到你在几个小时了，晚安。

解决方案

  

如果您在另一方面把这个数组放入堆中，生长禁忌堆栈，你会溢出，它只会写随机垃圾倒入空的内存空间呢？

您正在几个假设：

1. 您假定堆是在主存储器段的结尾。这是未必如此。




2. 您是假设在堆中的对象是在堆的末尾。这是未必如此。 （事实上​​，它通常的不是所以...）

下面是可能导致问题，无论堆是如何实现的一个例子：

 的char * A =的malloc（100）;
  字符* B =的malloc（100）;
  字符* C =的malloc（100）;
  的for（int i = 0; I＆LT; 200;我++）{
      B〔Ⅰ〕=Z;
  }
 

写作超越的末端b 很可能践踏要么 A 或 C ...或堆一些其他的对象，或空闲列表中。

根据你践踏，你可能会覆盖函数指针，或者你可以这样做导致段故障，未predictable行为等其他损害哪些对象。这些东西可以用于code注射液，造成code。在有害从安全角度来看...或者只是崩溃的目标应用程序/服务来实现服务攻击拒绝其他方式发生故障

I have a question about heap overflows.

I understand that if a stack variable overruns it's buffer, it could overwrite the EIP and ESP values and, for example, make the program jump to a place where the coder did not expect it to jump.

This seems, as I understand, to behave like this because of the backward little endian storing (where f.e. the characters in an array are stored "backwards", from last to first).

If you on the other hand put that array into the heap, which grows contra the stack, and you would overflow it, would it just write random garbage into empty memory space then?
(unless you where on a solaris which as far as I know has a big endian system,side note)
Would this basicly be a danger since it would just write into "empty space"?
So no aimed jumping to adresses and areas the code was not designed for?
Am I getting this wrong?

To specify my question:
I am writing a program where the user is meant to pass a string argument and a flag when executing it via command line, and I want to know if the user could perform a hack with this string argument when it is put on the heap with the malloc function.

Gosh, I hope this question is not to newbish :/ Pls try to explain simple

Thanks for every answere, see you in a few hours, good night.

解决方案

If you on the other hand put that array into the heap, which grows contra the stack, and you would overflow it, would it just write random garbage into empty memory space then?

You are making a couple of assumptions:

1. You are assuming that the heap is at the end of the main memory segment. That ain't necessarily so.

2. You are assuming that the object in the heap is at the end of the heap. That ain't necessarily so. (In fact, it typically isn't so ...)

Here's an example that is likely to cause problems no matter how the heap is implemented:

  char *a = malloc(100);
  char *b = malloc(100);
  char *c = malloc(100);
  for (int i = 0; i < 200; i++) {
      b[i] = 'Z';
  }

Writing beyond the end of b is likely to trample either a or c ... or some other object in the heap, or the free list.

Depending on what objects you trample, you may overwrite function pointers, or you may do other damage that results in segmentation faults, unpredictable behaviour and so on. These things could be used for code injection, to cause the code to malfunction in other ways that are harmful from a security standpoint ... or just to implement a denial of service attack by crashing the target application / service.

这篇关于堆溢出的危险呢？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！