C/C++
2013.07.28 02:42

Buffer Overrun

MoA
How does one patch or prevent a BufferOverRun?

From the start - don't stuff more bytes into a buffer than it can hold.

More specifically (this applies to C/C++; a lot of these problems don't occur in other languages):

  • If writing code in C++, use the string class rather than char[] for strings whenever performance isn't a priority.
  • Never use gets() -- always use fgets()
  • Never use sprintf(), use snprintf() instead
  • Never use strcpy(), use strncpy() instead
  • Never use strcat(), use strncat() instead
  • Never use printf(foo) to print a raw string; always use printf("%s", foo). This is especially important if foo is a string generated by a user. One class of attacks is to embed nasty formatting controls (like %n) in a string, trying to cause a buffer overflow. (See FormatStringVulnerability.)
  • If you have to use char[] rather than string, keep track of your buffer lengths.
  • Never assume a 4K or other size buffer is "long enough"... chances are it won't be.
  • Use dynamic char buffers, and DoubleAfterFull to maintain good performance.
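
The sprintf(), strcpy() and strcat() replacements from the list above, as an added example that is not part of the original page; the helper names copy_bounded, append_bounded and format_bounded and the sample strings are constructed for illustration. It shows the checks the bounded calls still need: strncpy() does not terminate on truncation, strncat() takes the room left rather than the buffer size, and snprintf() reports truncation through its return value.

```c
#include <stdio.h>
#include <string.h>

/* All helpers return 0 when src fit and -1 when it was cut short or rejected. */

/* strncpy() leaves dst unterminated when src fills it, so terminate by hand. */
int copy_bounded(char *dst, size_t dstsz, const char *src) {
    if (dstsz == 0) return -1;
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) < dstsz ? 0 : -1;
}

/* strncat()'s count is the room left in dst, not the total size of dst. */
int append_bounded(char *dst, size_t dstsz, const char *src) {
    const char *end = memchr(dst, '\0', dstsz);
    if (end == NULL) return -1;                 /* dst itself is unterminated */
    size_t room = dstsz - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) <= room ? 0 : -1;
}

/* snprintf() returns the length it wanted; a value >= dstsz means truncation.
   The user string is passed as data, never as the format. */
int format_bounded(char *dst, size_t dstsz, const char *user) {
    int n = snprintf(dst, dstsz, "%s", user);
    return (n >= 0 && (size_t)n < dstsz) ? 0 : -1;
}

int main(void) {
    char buf[8];                                /* constructed sample: 7 chars + NUL */
    int rc;

    rc = copy_bounded(buf, sizeof buf, "abc");
    printf("copy   rc=%d buf=\"%s\"\n", rc, buf);
    rc = append_bounded(buf, sizeof buf, "defghij");   /* only 4 bytes of room */
    printf("append rc=%d buf=\"%s\"\n", rc, buf);
    rc = format_bounded(buf, sizeof buf, "%n%x");      /* printed literally */
    printf("format rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

A return of -1 means the data was truncated; the caller decides whether to reject the input or grow the buffer.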

The best way to avoid buffer overruns and the related list overruns and list jams is to make a religion of testing your boundary conditions and your boundary assumptions. Most important, any programmer whose code allows them should be subjected to the most severe ridicule and humiliation the team's culture will allow. Dunce caps are easy to make and very effective.


Wikipedia link added: http://en.wikipedia.org/wiki/Buffer_overflow
