程序设计安全性问题探析

Question of Security About Program Code

针对C程序语言本身存在的不进行数组边界检查,容易产生缓冲区溢出,进而产生系统瘫痪等缺陷,对缓冲区溢出的原理和溢出攻击进行了详细的阐述。通过一个会导致缓冲区溢出的程序代码对缓冲区产生溢出攻击的实例分析,提出了发生缓冲区溢出的条件以及预防措施。

Some program language have pestilent bug, for example, C program language which doesn＇t check the border of the array of number is apt to cause the buffer overflow, and therefore possibly cause the failure of program processing and paralysis of computer. This paper deeply analyses the principle and possiblility of buffer overflow attacking, and buffer overflow＇s potential dangers according to program code with buffer overflow. At last, it points out the condition of buffer overflow attacking and put forward precautionary measures on buffer overflow attacking.