Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf ·...
Transcript of Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf ·...
![Page 1: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/1.jpg)
Software Security,Implementation Flaws,
and Memory Safety
1/22/2010
![Page 2: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/2.jpg)
![Page 3: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/3.jpg)
![Page 4: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/4.jpg)
#293 HRE-THR 850 1930
ALICE SMITH
COACH
SPECIAL INSTRUX: NONE
![Page 5: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/5.jpg)
#293 HRE-THR 850 1930
ALICE SMITHHHHHHHHHHH
HHACH
SPECIAL INSTRUX: NONE
![Page 6: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/6.jpg)
#293 HRE-THR 850 1930
ALICE SMITH
FIRST
SPECIAL INSTRUX: GIVE
PAX EXTRA CHAMPAGNE.
![Page 7: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/7.jpg)
char name[20];
void vulnerable() {gets(name);
}
![Page 8: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/8.jpg)
char name[20];char instrux[80] = "none";
void vulnerable() {gets(name);
}
![Page 9: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/9.jpg)
char line[512];char command[] = "/usr/bin/finger";
void main() {gets(line);...execv(command, ...);
}
![Page 10: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/10.jpg)
char name[20];int seatinfirstclass = 0;
void vulnerable() {gets(name);
}
![Page 11: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/11.jpg)
char name[20];int authenticated = 0;
void vulnerable() {gets(name);
}
![Page 12: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/12.jpg)
void vulnerable() {char buf[64];gets(buf);...
}
![Page 13: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/13.jpg)
void still_vulnerable() {char buf = malloc(64);gets(buf);...
}
![Page 14: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/14.jpg)
void safe() {char buf[64];fgets(buf, sizeof buf, stdin);...
}
![Page 15: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/15.jpg)
void vulnerable() {char buf[64];if (fgets(buf, 64, stdin) == NULL)return;
printf(buf);}
![Page 16: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/16.jpg)
void vulnerable(int len, char *data) {char buf[64];if (len > 64)return;
memcpy(buf, data, len);}
![Page 17: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/17.jpg)
void safe(size_t len, char *data) {char buf[64];if (len > 64)return;
memcpy(buf, data, len);}
![Page 18: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/18.jpg)
void vulnerable(size_t len, char *data) {char *buf = malloc(len+2);memcpy(buf, data, len);buf[len] = '\n';buf[len+1] = '\0';
}
![Page 19: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/19.jpg)
![Page 20: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/20.jpg)
![Page 21: Software Security, Implementation Flaws, and Memory …cs161/sp10/slides/1.22.implflaw.pdf · Software Security, Implementation Flaws, and ... The zero-day attack that exploited IE](https://reader031.fdocuments.us/reader031/viewer/2022030600/5acdce877f8b9a63398e866a/html5/thumbnails/21.jpg)