embedded Linux C Language (ix)--C language security problems and pointer traps
The C language is a programming language with a greater degree of flexibility and freedom, and as a pointer to the core of C language, the C language programmer can pass through the secure fence and make destructive access to some memory areas. Raises security risks. Many security problems can be traced to the misuse of pointers. This article will interpret The Common security problems and pointer traps of C language from the perspective of pointers.
First,
Declaration and initialization of Pointers1.
inappropriate pointer declaration
int* ptr1, ptr2;// declaration ptr1 is int pointer,PTR2 is integral type
int *PTR1, *PTR2;//PTR1,PTR2 are declared as pointers
#define PINT int *
PINT ptr1, ptr2;// equivalent to int* ptr1, ptr2;
Recommended way:
typedef int * PINT
PINT ptr1, ptr2;// equivalent to int *ptr1, *PTR2;
2.
Uninitialized before use of pointer
Using a pointer before initializing the pointer causes a run-time error, which is called a wild pointer.
int *p;
printf ("%d\n", *p);
Pointer variable p is not assigned a pointer (address), at which point the *p will cause unpredictable conditions.
3.
Handling Uninitialized pointers
There are three ways to handle uninitialized pointers:
A, Initialize pointers with NULL
int *p = NULL;
if (NULL = = p)
{
}
B, Use the assert function
ASSERT (NULL! = p);
C, with third-party tools
Second, misuse of pointers
Many security issues focus on buffer overflow, overwrite memory outside the bounds of the object will cause a buffer overflow, this block of memory may be the address space of this program, or other processes, if it is outside the program address space memory, most operating systems will issue a piece of error and then abort the program. If a buffer overflow occurs within the address space of the application, it causes unauthorized access and control of the data to other sections of code, causing the system to be compromised. The following conditions can cause a buffer overflow:
A, An index entry was not checked when accessing the number of array elements
B, The array pointer is not careful when doing pointer arithmetic
C, use a function like get to read a string from a standard input
D, misuse of functions such as strcpy and strcat
If a buffer overflow occurs on the meta-frame of a stack, it is possible to overwrite the return address portion of the stack frame as a call to malicious code created at the same time.
1.
test NULL
For dynamically allocating memory functions be sure to check the return value, otherwise if the memory allocation failure program may terminate abnormally.
Char *vetcor = (char *) malloc (128*sizeof (char));
if (NULL = = vector)
{
Malloc failure.
}
2.
error using the extract Operation
The common methods for declaring and initializing pointers are as follows:
int num;
int *p = #
But here's the wrong one.
int num;
int *p;
*p = #// correct for p = &num
3.
Stray Pointer
When you release the pointer and still refer to the original memory, a stray pointer is generated. If you are still trying to manipulate the original memory after releasing the pointer, the read operation may return invalid data, and the write operation may break the value of the memory, causing the other program that is using the memory to have an exception.
4.
array access out of bounds
The array in the C language does not provide a mechanism to prevent access to the array, so the programmer must ensure that the access to the arrays does not cross. Especially when accessing array elements with pointers, you must ensure that you cannot cross the array boundaries.
5.
error Calculating array length
When passing an array to a function, be sure to pass the array length at the same time. The array length parameter avoids buffer overflow. strcpy function is a function that allows buffer overflow, so try to avoid it, use a buffer protection mechanism strncpy function.
Iii. Release Issues
1. Repeat release
Repeat release refers to releasing the same piece of memory two times, such as:
Char *name = (char *) malloc (...);
...................
Free (name);
....................
Free (name);
To avoid repeated releases of the same block of memory, the pointer is generally released to NULLafter the pointer is disposed.
Char *name = (char *) malloc (...);
...................
Free (name);
name = NULL;
2.
Clear Sensitive information
When the application terminates, most operating systems do not use the memory to clear 0 or perform other operations, the system may have used memory allocated to other programs to use, if the memory originally saved is identity information, password information and other sensitive data, this is not safe, because other people can use this part of memory, You can erase sensitive data in memory by overwrite.
Four,
pointer type conversions
The conversion of pointer types can implement some special functions, such as:
Access to addresses with special purpose
Determine the byte order of the Machine
1.
access to special-purpose addresses
In the development of embedded system, many special function registers are unified addressing, and the functions of the corresponding peripherals can be controlled by accessing these special function registers.
#define WTCON (* ((unsigned long) 0xe2700000))
Wtcon |= 0x3<<8;
With a pointer-type conversion, Some bits of the Wtcon register can be set to 1tocontrol peripherals.
2.
determine the byte order of the machine
The byte order refers to the order in which the data is stored in the memory unit. Byte order is generally divided into small-endian and large-endian, also known as small-end mode and big-endian mode. The small-end pattern represents the low address of an integer in the 4 - byte store of integer data. By converting the address of an integer from a pointer to char, the memory of each byte is printed to know the machine's byte order.
#include <stdio.h>
int main (int argc, CHAR**ARGV)
{
int num = 0x12345678;
Char *p = (char *) #
int i;
for (i = 0; i < 4; i++)
{
printf ("%p:%2x\n", p, (unsigned char) *p++);
}
return 0;
}
The results of the operation are as follows:
0x7fffe8f13cb9:78
0x7fffe8f13cba:56
0x7fffe8f13cbb:34
0x7fffe8f13cbc:12
Conclusion: Low-byte, small-end mode is stored.
This article from "Endless life, Struggle not only" blog, please be sure to keep this source http://9291927.blog.51cto.com/9281927/1790675
Embedded Linux C language (ix) security issues and pointer traps for--C languages