缓冲区过读
缓冲区过读
https://zh.wikipedia.org/wiki/缓冲区过读
在计算机安全和程序设计中,缓冲区过读[1]是一类程序错误,即程序从缓冲器读出数据时超出了边界,而读取了(或试图读取)相邻的内存。这是有违内存安全的一个例子。
通过构造恶意输入,使得缺乏边界检查的程序读取不该访问到的内存,可以触发缓冲区过读,如在心脏出血漏洞里的那样。引发的原因也可能仅仅是编程中的错误。这可能会导致异常的程序行为,包括内存访问错误、不正确的结果、崩溃或系统安全性损害。因而,有许多漏洞都因其而生,还可能被恶意利用以访问特权信息。
通常与缓冲区过读相联系的编程语言语言包括C和C++,这些语言都没有提供内置的保护机制,以防止使用指针访问虚拟内存任意位置的数据,并且不会自动检查读取该内存块的数据是否安全;对应的例子如试图读取比数组更多的元素,以及没有向空终止字符串末尾追加终止符。边界检查可以防止缓冲区过读[2],而模糊测试有助于检测出这些错误。
参见[编辑]
参考[编辑]
- ^ CWE – CWE-126: Buffer Over-read (2.6). Cwe.mitre.org. February 18, 2014 [April 10, 2014].
- ^ Yves Younan; Wouter Joosen; Frank Piessens. Efficient protection against heap-based buffer overflows without resorting to magic (PDF). Dept. of Computer Science, Katholieke Universiteit Leuven. 2013-02-25 [2014-04-24].
外部链接[编辑]
- PHP DateInterval Heap Buffer Overread Denial of Service
- PHP Bug #66060: Heap buffer over-read in DateInterval
|
Buffer over-read
In computer security and programming, a buffer over-read[1][2] is an anomaly where a program, while reading data from a buffer, overruns the buffer's boundary and reads (or tries to read) adjacent memory. This is a special case of violation of memory safety.
Buffer over-reads can be triggered, as in the Heartbleed bug, by maliciously crafted inputs that are designed to exploit a lack of bounds checking to read parts of memory not intended to be accessible. They may also be caused by programming errors alone. Buffer over-reads can result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security. Thus, they are the basis of many software vulnerabilities and can be maliciously exploitedto access privileged information.
Programming languages commonly associated with buffer over-reads include C and C++, which provide no built-in protection against using pointers to access data in any part of virtual memory, and which do not automatically check that reading data from a block of memory is safe; respective examples are attempting to read more elements than contained in an array, or failing to append a trailing terminator to a null-terminated string. Bounds checking can prevent buffer over-reads,[3] while fuzz testing can help detect them.
See also[edit]
References[edit]
- ^ "CWE – CWE-126: Buffer Over-read (2.6)". Cwe.mitre.org. February 18, 2014. Retrieved April 10, 2014.
- ^ Strackx, Raoul; Younan, Yves; Philippaerts, Pieter; Piessens, Frank; Lachmund, Sven; Walter, Thomas (2009-01-01). "Breaking the Memory Secrecy Assumption". Proceedings of the Second European Workshop on System Security. EUROSEC '09. New York, NY, USA: ACM: 1–8. doi:10.1145/1519144.1519145. ISBN 9781605584720.
- ^ Yves Younan; Wouter Joosen; Frank Piessens (2013-02-25). "Efficient protection against heap-based buffer overflows without resorting to magic" (PDF). Dept. of Computer Science, Katholieke Universiteit Leuven. Retrieved 2014-04-24.
External links[edit]
- PHP DateInterval Heap Buffer Overread Denial of Service
- PHP Bug #66060: Heap buffer over-read in DateInterval