Embedded Linux C language (ix) security issues and pointer traps for--C languages

embedded Linux C Language (ix)--C language security problems and pointer traps

The C language is a programming language with a greater degree of flexibility and freedom, and as a pointer to the core of C language, the C language programmer can pass through the secure fence and make destructive access to some memory areas. Raises security risks. Many security problems can be traced to the misuse of pointers. This article will interpret The Common security problems and pointer traps of C language from the perspective of pointers.

First, Declaration and initialization of Pointers1. inappropriate pointer declaration

int* ptr1, ptr2;// declaration ptr1 is int pointer,PTR2 is integral type

int *PTR1, *PTR2;//PTR1,PTR2 are declared as pointers

#define PINT int *

PINT ptr1, ptr2;// equivalent to int* ptr1, ptr2;

Recommended way:

typedef int * PINT

PINT ptr1, ptr2;// equivalent to int *ptr1, *PTR2;

2. Uninitialized before use of pointer

Using a pointer before initializing the pointer causes a run-time error, which is called a wild pointer.

int *p;

printf ("%d\n", *p);

Pointer variable p is not assigned a pointer (address), at which point the *p will cause unpredictable conditions.

3. Handling Uninitialized pointers

There are three ways to handle uninitialized pointers:

A, Initialize pointers with NULL

int *p = NULL;

if (NULL = = p)

{

}

B, Use the assert function

ASSERT (NULL! = p);

C, with third-party tools

Second, misuse of pointers

Many security issues focus on buffer overflow, overwrite memory outside the bounds of the object will cause a buffer overflow, this block of memory may be the address space of this program, or other processes, if it is outside the program address space memory, most operating systems will issue a piece of error and then abort the program. If a buffer overflow occurs within the address space of the application, it causes unauthorized access and control of the data to other sections of code, causing the system to be compromised. The following conditions can cause a buffer overflow:

A, An index entry was not checked when accessing the number of array elements

B, The array pointer is not careful when doing pointer arithmetic

C, use a function like get to read a string from a standard input

D, misuse of functions such as strcpy and strcat

If a buffer overflow occurs on the meta-frame of a stack, it is possible to overwrite the return address portion of the stack frame as a call to malicious code created at the same time.

1. test NULL

For dynamically allocating memory functions be sure to check the return value, otherwise if the memory allocation failure program may terminate abnormally.

Char *vetcor = (char *) malloc (128*sizeof (char));

if (NULL = = vector)

{

Malloc failure.

}

2. error using the extract Operation

The common methods for declaring and initializing pointers are as follows:

int num;

int *p = #

But here's the wrong one.

int num;

int *p;

*p = #// correct for p = &num

3. Stray Pointer

When you release the pointer and still refer to the original memory, a stray pointer is generated. If you are still trying to manipulate the original memory after releasing the pointer, the read operation may return invalid data, and the write operation may break the value of the memory, causing the other program that is using the memory to have an exception.

4. array access out of bounds

The array in the C language does not provide a mechanism to prevent access to the array, so the programmer must ensure that the access to the arrays does not cross. Especially when accessing array elements with pointers, you must ensure that you cannot cross the array boundaries.

5. error Calculating array length

When passing an array to a function, be sure to pass the array length at the same time. The array length parameter avoids buffer overflow. strcpy function is a function that allows buffer overflow, so try to avoid it, use a buffer protection mechanism strncpy function.

Iii. Release Issues 1. Repeat release

Repeat release refers to releasing the same piece of memory two times, such as:

Char *name = (char *) malloc (...);

...................

Free (name);

....................

Free (name);

To avoid repeated releases of the same block of memory, the pointer is generally released to NULLafter the pointer is disposed.

Char *name = (char *) malloc (...);

...................

Free (name);

name = NULL;

2. Clear Sensitive information

When the application terminates, most operating systems do not use the memory to clear 0 or perform other operations, the system may have used memory allocated to other programs to use, if the memory originally saved is identity information, password information and other sensitive data, this is not safe, because other people can use this part of memory, You can erase sensitive data in memory by overwrite.

Four, pointer type conversions

The conversion of pointer types can implement some special functions, such as:

Access to addresses with special purpose

Determine the byte order of the Machine

1. access to special-purpose addresses

In the development of embedded system, many special function registers are unified addressing, and the functions of the corresponding peripherals can be controlled by accessing these special function registers.

#define WTCON (* ((unsigned long) 0xe2700000))

Wtcon |= 0x3<<8;

With a pointer-type conversion, Some bits of the Wtcon register can be set to 1tocontrol peripherals.

2. determine the byte order of the machine

The byte order refers to the order in which the data is stored in the memory unit. Byte order is generally divided into small-endian and large-endian, also known as small-end mode and big-endian mode. The small-end pattern represents the low address of an integer in the 4 - byte store of integer data. By converting the address of an integer from a pointer to char, the memory of each byte is printed to know the machine's byte order.

#include <stdio.h>

int main (int argc, CHAR**ARGV)

{

int num = 0x12345678;

Char *p = (char *) #

int i;

for (i = 0; i < 4; i++)

{

printf ("%p:%2x\n", p, (unsigned char) *p++);

}

return 0;

}

The results of the operation are as follows:

0x7fffe8f13cb9:78

0x7fffe8f13cba:56

0x7fffe8f13cbb:34

0x7fffe8f13cbc:12

Conclusion: Low-byte, small-end mode is stored.

This article from "Endless life, Struggle not only" blog, please be sure to keep this source http://9291927.blog.51cto.com/9281927/1790675

Embedded Linux C language (ix) security issues and pointer traps for--C languages