防止缓冲区溢出的新技术。
有些内建的函数也已经被更新,以较小的开销防止缓冲区溢出。
Some built-in functions have also been updated to protect against buffer overruns with a minimal amount of overhead.
针对缓冲区溢出的一种简单解决办法就是转为使用能够防止缓冲区溢出的语言。
A simple solution for buffer overflows is to switch to a language that prevents them.
一种替代方法是使用另一种编程语言,因为如今的几乎其他所有语言都能防止缓冲区溢出。
An alternative is to use another programming language, since almost all of today's other languages protect against buffer overflows.
Ada一般会检测和防止缓冲区溢出(即针对这样的尝试引发一个异常),但是不同的程序可能会禁用这个特性。
Ada normally detects and prevents buffer overflows (raising an exception on the attempt), but various pragmas can disable this.
文中分析了防止缓冲区溢出攻击的运行时方法的不足。介绍了一种静态检测缓冲区溢出漏洞的方法及工具。
In this paper, first analyzes the shortcomings of run-time defenses of buffer overflow attacks, and then presents an approach and a tool to statically detect buffer overflow vulnerabilities.
这是一种有用的方法,不过要注意这种方法无法防止缓冲区溢出改写其他值(攻击者仍然能够利用这些值来攻击系统)。
This is a useful approach, but note that this does not protect against buffer overflows overwriting other values (which they may still be able to use to attack a system).
如果指定字符串输出的精确指定符(比如%. 10s),那么您就能够通过指定输出的最大长度来防止缓冲区溢出。
If you include a precision specifier for a string output (such as "%.10s"), then you can protect against buffer overflows by specifying the maximum length of the output.
事实证明存在许多防止缓冲区溢出的不同技术,但它们都可划分为以下两种方法:静态分配的缓冲区和动态分配的缓冲区。
It turns out that there are many different techniques to countering buffer overflows, but they can be divided into two approaches: statically allocated buffers and dynamically allocated buffers.
这可防止在缓冲区溢出时服务器进行额外的CPU和磁盘工作。
This prevents the server from doing added CPU and disk work if the buffer overflows.
攻击者也许能够通过改变函数中其他数据的值来利用缓冲区溢出;没有哪种方法能够防止这点。
An attacker may be able to exploit a buffer overflow by changing the value of other data in the function; none of these approaches counter that.
缓冲区溢出漏洞是那么难相处,以防止数十种,他们都是被找到和利用操作系统和应用软件,每一天。
Buffer overrun vulnerabilities are so difficult to prevent that scores of them are being found and exploited in operating system and application software every day.
问题是gets()不能防止出现缓冲区溢出的问题;攻击者可以简单地发送超过传递给 gets()的缓冲区可以存储的数据。
The problem is that gets() doesn't protect itself from buffer overflows; an attacker can simply send more data than the buffer passed to gets() can store.
GS(缓冲区安全检查),它无法在函数中防止参数和局部变量造成本地缓冲区溢出,除非启用函数优化。
GS (buffer Security Check), which is enabled by default, cannot protect parameters and local variables from local buffer overrun in a function unless the function has optimizations enabled.
GS(缓冲区安全检查),它无法在函数中防止参数和局部变量造成本地缓冲区溢出,除非启用函数优化。
GS (buffer Security Check), which is enabled by default, cannot protect parameters and local variables from local buffer overrun in a function unless the function has optimizations enabled.
应用推荐