1. Buffer Underflow
This article describes another form of buffer overflow: buffer underflow. Buffer overflow was analyzed in the previous topic (see Issue 7). The same causes apply to buffer underflows, so the factors that lead to buffer overflows are not repeated here. Put simply, buffer underflow refers to the case where, when the data being filled in overflows, the overflowing part overwrites the lower-level buffer. This article describes the dangers of buffer underflow, its signs in source code, and how to fix the problem.
2. The dangers of buffer underflow
In C/C++ programs, buffer underflow is a serious vulnerability type that may cause the program to crash or lead to consequences such as the execution of malicious code. From January to October 2018, a total of 494 CVE vulnerability entries involved it. Some of the vulnerabilities are as follows:

| Vulnerability overview |
|---|
| Libc realpath buffer underflow vulnerability. The vulnerability occurs because the GNU C library does not correctly handle the relative path returned by the getcwd() system call. Other libraries are also likely to be affected. On affected systems, root privileges can be obtained via a SUID binary. |
| zutils is a utility package for processing compressed files. The program supports compression/decompression, compressed file comparison, and compressed file integrity verification. zcat is one of its decompression utilities. A buffer overflow vulnerability exists in zcat in versions prior to zutils 1.8-pre2. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code using a specially crafted compressed file. |
| strongSwan versions prior to 5.6.3 have a buffer underflow vulnerability in the implementation. An attacker can exploit this vulnerability to exhaust resources, resulting in denial of service. |
3. Sample code
The example comes from Samate Juliet Test Suite for C/C++ v1.3 (https://samate.nist.gov/SARD/testsuite.php), source file name: CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_01.c.
3.1 Defect code
data is assigned on line 36; the assignment shows that the pointer data points to dataBadBuffer. When strcpy() is used for the memory copy on line 41, the source buffer is longer than the destination buffer, so the copy overflows, and the overflowing part exceeds the lower boundary of dataBadBuffer, causing a buffer underflow.
3.2 Repair code
data is assigned on line 37, and data instead points to dataGoodBuffer. The length of data is now consistent with source. When strcpy() is used for the copy on line 42, the source buffer is the same length as the destination buffer, which avoids the buffer underflow. The problem can also be avoided by other means, such as boundary checks.
4. How to avoid buffer underflow
To avoid buffer underflow, pay attention to the following points:
(1) Try to avoid using unsafe memory operation functions.
(2) For memory operation functions whose return value clearly indicates the result, check the return value to determine whether the operation succeeded.
(3) Always perform boundary checking when filling data into a buffer.
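The boundary check and return-value check from the list above, as an added example (not code from the Juliet test suite or from the original article). The helper names copy_unchecked and copy_checked, the SRC_STRING value and the buffer sizes 10 and 10 + 1 are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: 10 characters plus the terminating '\0' = 11 bytes. */
#define SRC_STRING "AAAAAAAAAA"

/* Pattern from 3.1: strcpy() assumes dst is large enough. With a dst that
 * is shorter than src, bytes are written outside the destination buffer.
 * Kept for comparison; main() only calls it with a matching size. */
static void copy_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: the destination size travels with the pointer, the length
 * is checked before any byte is copied, and the outcome is returned so the
 * caller can test it. Returns 0 on success, -1 if src does not fit. */
static int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t need;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    need = strlen(src) + 1;            /* +1 for the terminating '\0' */
    if (need > dst_size) {
        dst[0] = '\0';                 /* leave dst a valid empty string */
        return -1;
    }
    memcpy(dst, src, need);
    return 0;
}

int main(void)
{
    char bad_buffer[10];               /* assumed size: shorter than source */
    char good_buffer[10 + 1];          /* assumed size: same as source      */
    char source[10 + 1] = SRC_STRING;

    printf("short destination: %d\n", copy_checked(bad_buffer, sizeof bad_buffer, source));
    printf("equal destination: %d\n", copy_checked(good_buffer, sizeof good_buffer, source));
    copy_unchecked(good_buffer, source);   /* safe only because sizes match */
    printf("copied: %s\n", good_buffer);
    return 0;
}
```
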
