软件安全性 [英] software security
本文介绍了软件安全性的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
有人可以用C#示例解释什么是整数整数溢出漏洞吗?
解决方案
这里有一个非常简单的示例:
公共 class 程序{ 静态 无效 Main(字符串 []参数){ Charge( int .MaxValue); } 私有 静态 void 收费( int 金额){ int processingFee = 10 ; Console.WriteLine(" +-(amount + processingFee)); } }
我们看到了一个非常大的平衡点;-)
当我用这个在Google上搜索(就像您应该有的那样)时,我发现了这个:
In some situations a program may make the assumption that a variable always contains a positive value. If the variable has a signed integer type an overflow can cause its value to wrap and become negative, violating the assumption contained in the program and perhaps leading to unintended behavior. Similarly, subtracting from a small unsigned value may cause it to wrap to a large positive value which may also be an unexpected behavior. Multiplying or adding two integers may result in a value that is non-negative, but unexpectedly small. If this number is used as the number of bytes to allocate for a buffer, the buffer will be allocated unexpectedly small, leading to a potential buffer overflow.
我把它留给您去做其余的研究.
那我可能知道wat是整数溢出和多次整数溢出之间的区别吗?
can any one explain what is multiple integer overflow vulnerability with C# example?
解决方案
Here''s a very simple example:
public class Program { static void Main(string[] args) { Charge(int.MaxValue); } private static void Charge(int amount) { int processingFee = 10; Console.WriteLine("Balance: " + -(amount + processingFee)); } }
We see a very large balance ;-)
When I googled this (like you should have), I found this:
In some situations a program may make the assumption that a variable always contains a positive value. If the variable has a signed integer type an overflow can cause its value to wrap and become negative, violating the assumption contained in the program and perhaps leading to unintended behavior. Similarly, subtracting from a small unsigned value may cause it to wrap to a large positive value which may also be an unexpected behavior. Multiplying or adding two integers may result in a value that is non-negative, but unexpectedly small. If this number is used as the number of bytes to allocate for a buffer, the buffer will be allocated unexpectedly small, leading to a potential buffer overflow.
I leav it to you to do the rest of your research.
then may i know wat is the difference between integer overflow and multiple integer overflow?
这篇关于软件安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
