Automatic excavating method for integer overflow loophole

A technique for finding vulnerabilities in objects under test, applied in the field of software engineering. It addresses problems such as constructing test data and abnormal parameter processing, with the effect of improving quality and stability.
CN1889059A · Inactive · Publication Date: 2007-01-03 · HUAWEI TECH CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: HUAWEI TECH CO LTD
Publication Date: 2007-01-03
Estimated Expiration: Not applicable · inactive patent


Abstract

The invention belongs to the field of software engineering and provides an automatic method for discovering integer overflow vulnerabilities. The method sets the length and content of a fill character and a memory address; fills the data at the specified memory address with the specified character; and has the object under test process the file data or network protocol data. It captures errors raised by the object: if an error occurs, it records the fault position and stores the erroneous data, and then it modifies the memory address. Detection repeats in this way until the end of the object's data is reached. The method can find the position of the relevant integer variable in memory under black-box testing, or when the tester does not know the data format, improving the quality and stability of the software.
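The loop in the abstract, as an added example that is not taken from the patent: a fill pattern is slid across a sample input, the target processes each mutated copy, and every faulting offset is recorded with the input that caused it. The toy parser, its `DEMO` format, the fill values and the treatment of the "memory address" as an offset into the input data are all assumptions made for illustration.

```python
import struct

FILL_BYTE = b"\xff"   # fill character content (assumed value)
FILL_LEN = 2          # fill length in bytes (assumed: width of a 16-bit field)

class ParseFault(Exception):
    """Stands in for the crash a real harness would observe in the target."""

def toy_parser(data: bytes) -> bytes:
    """Constructed target: 4-byte magic, signed 16-bit length, then payload."""
    if len(data) < 6 or data[:4] != b"DEMO":
        return b""                                  # unknown input is rejected cleanly
    (rawlen,) = struct.unpack_from("<h", data, 4)   # signed short length field
    alloc = (rawlen + 1) & 0xFFFF                   # size arithmetic wraps at 16 bits
    payload = data[6:6 + (rawlen & 0xFFFF)]         # copy treats the length as unsigned
    if len(payload) > alloc:                        # copy larger than the allocation
        raise ParseFault(f"copy of {len(payload)} bytes into {alloc}-byte buffer")
    buf = bytearray(alloc)
    buf[:len(payload)] = payload
    return bytes(buf)

def sweep(sample: bytes, target, fill=FILL_BYTE, fill_len=FILL_LEN, step=1):
    """Slide the fill pattern over the sample; record every offset that faults."""
    findings = []
    offset = 0
    while offset + fill_len <= len(sample):         # loop until the end of the data
        mutated = sample[:offset] + fill * fill_len + sample[offset + fill_len:]
        try:
            target(mutated)                         # target processes the mutated data
        except Exception as exc:                    # capture the error
            findings.append((offset, mutated, repr(exc)))  # position + error data
        offset += step                              # move on to the next address
    return findings

# Constructed sample input: magic, length 8, 8 payload bytes.
SAMPLE = b"DEMO" + struct.pack("<h", 8) + b"ABCDEFGH"

if __name__ == "__main__":
    for offset, mutated, error in sweep(SAMPLE, toy_parser):
        print(f"fault at offset {offset}: {error} input={mutated.hex()}")
```

Only the offset of the length field faults, which is how the sweep locates an integer field without knowing the format.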

Description

Technical field

[0001] The invention relates to the technical field of software engineering, in particular to an automatic mining method for integer overflow vulnerabilities.

Background technique

[0002] In software testing, it is necessary to check the validity of parameters obtained from the outside world. Many software developers omit this validity check through oversight, which leads to software processing errors. Integer overflow is one such error.

[0003] Usually, integer overflow arises mainly because the parser does not fully consider the field type when it processes a field. After the calculation, the requested space size is smaller than the size actually copied, so data on the stack is overwritten during the copy operation, eventually causing the process to crash or even execute arbitrary code.

[0004] For example:

[0005] void function(char *userdata, short rawlen) // userdata is the character specified by the user, and...
