Applications patched by IntPatch have a negligible runtime performance loss which is averaging about 1%. It has caught all 46 previously known IO2BO vulnerabilities in our test suite and found 21 new bugs. A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. If an integer overflow happens during financial calculations, it. We evaluate IntPatch on a number of real-world applications. A buffer overflow lets the attacker gain shell access and attempt further privilege escalation. Moreover, IntPatch provides an interface for programmers to facilitate checking integer overflows. IntPatch utilizes classic type theory and dataflow analysis framework to identify potential IO2BO vulnerabilities, and then instruments programs with runtime checks. This behavior is more informally called unsigned integer wrapping. In this paper, we present the design and implementation of IntPatch, a compiler extension for automatically fixing IO2BO vulnerabilities in C/C++ programs at compile time. A computation involving unsigned operands can never overflow, because a result that cannot be represented by the resulting unsigned integer type is reduced modulo the number that is one greater than the largest value that can be represented by the resulting type. Automatically identifying and fixing this kind of vulnerability are critical for software security. The Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability is an underestimated threat. Chao Zhang, Tielei Wang, Tao Wei, Yu Chen, and Wei Zou
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |