Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Automatic excavating method for integer overflow loophole

A technology of loopholes and objects under test, applied in the field of software engineering, can solve problems such as constructing test data, abnormal parameter processing, etc., to achieve the effect of improving quality and stability

Inactive Publication Date: 2007-01-03
HUAWEI TECH CO LTD
View PDF0 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

But if the len parameter is obtained from a file in a private format, or from a field in a received communication message, that is, when the parameter is an implicit parameter, the tester cannot construct the required test data In this way, the problem of abnormal handling of this parameter cannot be found through black box testing

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Automatic excavating method for integer overflow loophole
  • Automatic excavating method for integer overflow loophole
  • Automatic excavating method for integer overflow loophole

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0050] The present invention provides an automatic mining method for integer overflow vulnerabilities. In order to make the purpose, technical solution, and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings and examples.

[0051] see figure 1 , realize the concrete flow process of the present invention as follows:

[0052] Step 101: set the length and content of the filling characters, that is, input parameters, and modify the data of the measured object to the set parameters when performing the test;

[0053] Step 102: Set the initial storage address of the object under test, and start testing from the set initial storage address during testing;

[0054] Step 103: filling data at the specified storage address with preset parameters, and saving it as a constructed test case;

[0055] Step 104: the object under test is the software, start running the program, and process the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the software engineering technology field which provides an automatic digging method for the integer overflow hole. The method is: it sets the length of the filling character, the content and the memory address; it fills the data in the appointed memory address by the appointed character, the detected object carries out the treatment to the file data or the network protocol data. It captures the error of the object, if it has the error, it will note the fault position and stores the error data and then it will revise the memory address. It detects cyclically like that until the end of the object data. The method can find the position of the proper memory integer variable in the condition of the black-box testing or the detector does not know the data format to improve the quality and the stability of the software.

Description

technical field [0001] The invention relates to the technical field of software engineering, in particular to an automatic mining method for integer overflow vulnerabilities. Background technique [0002] In software testing, it is necessary to check the validity of the parameters obtained from the outside world, and many software developers ignore the parameter validity check because of ill-consideration, which leads to software processing errors. Integer overflow is a case of such errors. [0003] Usually, the integer overflow is mainly due to the incomplete consideration of the field type when the parser processes the field. After calculation, the requested space size is smaller than the actual copy space size, and the data in the stack is overwritten during the copy operation. , eventually causing the process to crash and even execute arbitrary code. [0004] E.g: [0005] void function(char *userdata, short rawlen) / / userdata is the character specified by the user, and...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
Inventor 赵武刘海军
Owner HUAWEI TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products