The fix is simple: input validation. Input validation is absolutely critical to application security, and most application risks involve tainted input at some level.
Demo: adapted from a web sample; the original code had errors. Note that even with the safe sprintf_s() function, the input's memory address is still leaked.
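#include <stdio.h>
#include <string.h>
int main(void)
{
    char buffer[100];
    int x = 1;
    /* Deliberate flaw for the demo: "%X" has no matching argument. */
    sprintf_s(buffer, sizeof(buffer), "Bob %X");
    buffer[sizeof(buffer) - 1] = '\0';
    printf("Buffer size is: (%zu) \n", strlen(buffer));  /* strlen() returns size_t */
    printf("Data input: %s \n", buffer);
    printf("Memory address for x: (%p) \n", (void *)&x);
    return 0;
}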
The output is:
Buffer size is: (10)
Data input: Bob 21F1C8
Memory address for x: (0021F038)
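The input validation named above as the fix, as an added example that is not part of the original post: it counts the conversion specifications in the same "Bob %X" string, rejects it as a format, and copies it as data through a constant "%s" format. The function names are hypothetical, and snprintf() stands in for sprintf_s() so the code builds outside MSVC.

```c
#include <stdio.h>
#include <string.h>

/* Count conversion specifications in s; "%%" is a literal percent sign. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent, not a conversion */
            s++;
            continue;
        }
        n++;                    /* a trailing lone '%' is counted as well */
    }
    return n;
}

/* Input validation: accept the string only if it carries no conversions. */
int is_plain_text(const char *s)
{
    return count_conversions(s) == 0;
}

/* Treat untrusted input as data: the format is a constant, the input is an
   argument. Returns 0 on success, -1 on truncation or error. */
int format_name(char *dst, size_t dstsz, const char *untrusted)
{
    int r = snprintf(dst, dstsz, "%s", untrusted);
    return (r < 0 || (size_t)r >= dstsz) ? -1 : 0;
}

int main(void)
{
    const char *input = "Bob %X";   /* constructed sample, same string as the demo */
    char buffer[100];

    printf("conversions in input: %d\n", count_conversions(input));
    printf("accepted as a format: %s\n", is_plain_text(input) ? "yes" : "no");
    if (format_name(buffer, sizeof(buffer), input) == 0)
        printf("Data input: %s (length %zu)\n", buffer, strlen(buffer));
    return 0;
}
```

With the input passed as an argument, "%X" reaches the buffer as two literal characters and no stack value is formatted.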