Security Vulnerability: What is the error in this piece of code?

I was reading this book on my own, just for fun, and came across the following problem:

This code has a security vulnerability; can you find and fix it?
#include <stdbool.h>   /* needed for the bool type used below */

bool isValidAddition(unsigned short x, unsigned short y)
{
    if (x + y < x)
        return false;
    else
        return true;
}
Can anyone help me identify the vulnerability?
According to the C Standard, we know the following to be true:

- sizeof(short) <= sizeof(int) <= sizeof(long)
- sizeof(short) >= 2 bytes, sizeof(int) >= 2 bytes, sizeof(long) >= 4 bytes
- There is an implicit integer promotion of operand data types used in arithmetic expressions, which is done by the compiler.

So in the above snippet, do the following. Change

if(x + y < x)

to

if((unsigned short)(x + y) < x)

This will work if int is 4 (or more than 2) bytes.

Hope this helps :)
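As an added illustration (not code from the question, the answer, or the book), the program below puts the original check, the cast-based fix from the answer, and a width-independent range check side by side. The function names, the USHRT_MAX + 1 sample input and the addTruncated helper are constructed for this example; the behaviour it shows is exactly the integer promotion the answer describes: on any platform where int can hold every unsigned short value, x + y is evaluated in int, never wraps, and so the original comparison can never report an overflow.

```c
#include <limits.h>   /* USHRT_MAX, INT_MAX */
#include <stdbool.h>
#include <stdio.h>

/* Original check from the question. Both operands are promoted to int
 * (whenever int can represent every unsigned short value, which is the
 * common case), so x + y is computed in int and never wraps; the test
 * below therefore never fires and every addition is reported as valid. */
bool isValidAddition_original(unsigned short x, unsigned short y)
{
    if (x + y < x)
        return false;
    return true;
}

/* Fix from the answer: truncate the promoted sum back to unsigned short
 * before comparing, so a wrapped 16-bit result is actually detected. */
bool isValidAddition_cast(unsigned short x, unsigned short y)
{
    if ((unsigned short)(x + y) < x)
        return false;
    return true;
}

/* Alternative (hypothetical, not from the answer) that does not depend
 * on the width of int: the sum fits in an unsigned short iff
 * y <= USHRT_MAX - x, and that subtraction can never go negative. */
bool isValidAddition_range(unsigned short x, unsigned short y)
{
    return y <= USHRT_MAX - x;
}

/* The value a caller would actually store back into an unsigned short:
 * the sum truncated to the operand type, which is where the wrap shows up. */
unsigned short addTruncated(unsigned short x, unsigned short y)
{
    return (unsigned short)(x + y);
}

int main(void)
{
    /* constructed sample: 65535 + 1 wraps to 0 in 16 bits */
    const unsigned short x = USHRT_MAX, y = 1;

    printf("sizeof(int) = %zu, stored sum = %u\n",
           sizeof(int), (unsigned)addTruncated(x, y));
    printf("original check: %s\n",
           isValidAddition_original(x, y) ? "valid (overflow missed)" : "overflow");
    printf("cast check:     %s\n",
           isValidAddition_cast(x, y) ? "valid" : "overflow");
    printf("range check:    %s\n",
           isValidAddition_range(x, y) ? "valid" : "overflow");
    return 0;
}
```

On a typical 32-bit-int platform the stored sum prints as 0 while the original check still says "valid"; only the two corrected variants report the overflow. The range check is the one to prefer when the code must also be correct on a 16-bit-int target, where the cast version and the original coincide.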