什么是缓冲区溢出，我如何导致？ [英] What is a buffer overflow and how do I cause one?

问题描述

我听说过一个缓冲区溢出，我想知道如何导致一个。

I have heard about a buffer overflow and I would like to know how to cause one.

有人可以告诉我一个小缓冲区溢出示例吗？
新的（他们用于什么？）

Can someone show me a small buffer overflow example? New(And what they are used for?)

推荐答案

缓冲区溢出基本上是当一个缓冲区）写入其预期界限之外。如果攻击者可以设法使它从程序外部发生，它可能会导致安全问题，因为它可能允许他们操纵任意内存位置，虽然许多现代操作系统防止最坏的情况下。

A buffer overflow is basically when a crafted section (or buffer) of memory is written outside of its intended bounds. If an attacker can manage to make this happen from outside of a program it can cause security problems as it could potentially allow them to manipulate arbitrary memory locations, although many modern operating systems protect against the worst cases of this.

虽然在缩进边界之外的读取和写入通常被认为是一个坏主意，但是术语缓冲区溢出通常被保留用于在边界之外的写入可能会导致攻击者轻松地修改代码运行的方式。关于缓冲区溢出以及它们可用于漏洞利用的各种方式，有一篇关于维基百科的好文章。

While both reading and writing outside of the indented bounds are generally considered a bad idea, the term "buffer overflow" is generally reserved for writing outside the bounds, as this can cause an attacker to easily modify the way your code runs. There is a good article on Wikipedia about buffer overflows and the various ways they can be used for exploits.

在你自己编程方面，这将是一个简单的问题：

In terms of how you could program one yourself, it would be a simple matter of:

char a[4];
strcpy(a,"a string longer than 4 characters"); // write past end of buffer (buffer overflow)
printf("%s\n",a[6]); // read past end of buffer (also not a good idea)

它运行可能取决于您的操作系统和编译器。

Whether that compiles and what happens when it runs would probably depend on your operating system and compiler.

这篇关于什么是缓冲区溢出，我如何导致？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！