什么是缓冲区溢出?
什么是缓冲区溢位?
A fix for a buffer overflow problem in DHCPD (8).
修复了dhcpd(8)中的缓冲区溢出问题。
This column gives an overview of the buffer overflow problem.
本专栏概述了缓冲区溢位问题。
But the buffer overflow problem is far from ancient history.
但是,缓冲区溢位问题并非已成古老的历史。
This is why our next four columns will deal with buffer overflow.
这就是下面四个专栏将讨论缓冲区溢位的原因。
The following example is vulnerable to a heap-based buffer overflow
以下示例容易出现基于堆的缓冲区溢出
Listing 4. example2.c (vulnerable to a heap-based buffer overflow).
清单4 . example2 . c(容易出现基于堆的缓冲区溢出)。
Clearly, you would think by now that buffer overflow errors would be obsolete.
很明显,至此您不会认为缓冲区溢位错误将是过时的。
As a result, buffer overflow problems are often invisible during standard testing.
因此,缓冲区溢位问题常常在标准测试期间是发现不了的。
So far, all our examples of buffer overflow exploits have been for UNIX systems.
目前,我们举的所有利用缓冲区溢位的范例都是针对UNIX系统的。
Buffer overflow proves impossible as data copies only when room for extra data exists.
事实证明缓冲区溢出也不可能会发生,因为仅当存在额外数据空间时才会复制数据。
All of these attacks — and many others — exploited a vulnerability called a buffer overflow.
所有这些攻击——以及其他许多攻击,都利用了一个称做为缓冲区溢出的程序缺陷。
A buffer overflow in a program such as find is likely to be a risk to a great number of systems.
诸如find这样的程序中的缓冲区溢出可能会给大量的系统带来风险。
Don't rely on dynamic allocation for everything and forget about the buffer overflow problem.
不要依靠动态指派所有一切,而遗忘缓冲区溢位问题。
There are a number of tools that can help detect buffer overflow vulnerabilities before they're released.
有许多工具可以在缓冲区溢出缺陷导致问题之前帮助检测它们。
Doing so can lead some poorly written implementations into buffer overflow errors (and all that implies).
这样做会使编写不够严谨的程序出现缓冲区溢出错误(以及所有类似隐患)。
There are two main types of root exploits: buffer overflow attacks and executing scripts against a server.
这里有两种主要的超级用户进入类型:缓冲溢出攻击和在服务器上执行脚本。
And the data show that the problem is growing instead of shrinking; see "Buffer overflow: Dejavu all over again".
并且资料显示这一问题正在扩大,而不是在缩减;请参阅「缓冲区溢位︰捲土重来」。
Attacking using a buffer overflow can change this process and allow an attacker to execute any function they wish.
利用缓冲区溢出进行攻击可以改变这个过程,并且允许黑客执行任何他们期望的函数。
Because PHP manages memory for you, there's no PHP code that can result in stack and buffer overflow exploits.
因为PHP可以为您管理记忆,所以PHP代码不会导致堆栈和缓冲溢出。
This tracking or recomputation is easy to get wrong, and any mistake can open the door to a buffer overflow attack.
这种跟踪或重新计算很容易出错,而任何错误都可能给缓冲区攻击打开方便之门。
In the instance of a buffer overflow attack, an internal value in a program is overflowed to alter how the program runs.
在缓冲区溢出攻击的实例中,程序的内部值溢出,从而改变程序的运行方式。
Looking at the program, it is also easier for an attacker to figure out how to cause a buffer overflow with real inputs.
检视这个程序,攻击者更容易得出如何利用实际输入导致缓冲区溢位。
The data are extremely discouraging since the buffer overflow problem has been widely known in security circles for years.
由于缓冲区溢位问题近年来在安全性领域中已受到瞩目,这一资料是相当令人灰心的。
After all, someone could have changed the bytecode manually with a hex editor to attempt to trigger a buffer overflow.
毕竟,也许有人已经用十六进制编辑器手工修改了字节符,试图触发缓冲器溢出。
The immediate cause of the vulnerability was that one of Sendmail's security checks was flawed, permitting a buffer overflow.
造成这一漏洞的直接原因是,Sendmail的一个安全检测是有缺陷的,可以发生缓冲区溢出。
For instance, a program designed to exploit a buffer overflow is very likely to use some inline assembly for the target platform.
举例来说,设计利用缓存溢出的程序很可能会对目标平台使用内联汇编。
A buffer overflow, or buffer overrun, occurs when a process attempts to store data beyond the boundaries of a fixed-length buffer.
当进程尝试将数据储存到固定长度的缓冲区的范围之外时,就会出现缓冲区溢出。
The return value is always the size of the combined string if no buffer overflow occurred; this makes it really easy to detect an overflow.
如果没有发生缓冲区溢出,返回值始终是组合字符串的长度;这使得检测缓冲区溢出真正变得容易了。
应用推荐