开发者

Is this a good way to test for a buffer overflow?

I have an old version of Apache (1.3.x) installed, and I want to manually to check if it's vulnerable to buffer overflow. Can I simply send some get/post request like the following?

http://127.0.0.1/uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu

Something like that where the "u" part will be like 1000 characters or more? If the server is vulnerable (at least in the "main" implementation...) it should freeze right?

And hopefully it won't totally crash, and once I restart will it all be OK? I know I can also look at the source code. Speaking of which, interestingly I just noticed that most of the Apache's files ha开发者_如何学Pythonve been written in 1994 by someone known as McCool (who claims that he can't program...in the comments). I guess buffer overflows were unheard of back then.


I don't think there is a great generic way of testing for a buffer overflow, because in different places it can impact your program in different ways, some of them being obvious and others not.

An understanding of the code, plus a competent test team, is always a benefit when looking for things like this in projects like these.


Actually it's not that obvious that it will crash.

Where I work we introduced a lot of off-by-one errors that resulted in unnoticed buffer overflows. When one particular program crashed we noticed it, but other times our software would work seemingly fine.


What you might want to look into is fuzz testing and code coverage.

Fuzz testing is, in effect, what you suggest: sending trash to the interface and see if anything "interesting" happens. Unfortunately, "interesting" isn't well defined. Buffer overflows can cause interesting errors like "500 Internal Server Error", Java stack traces, or garbled trashy output. In the worst case, a buffer overflow can take the whole HTTP server process down, although it may not happen immediately.

The code coverage part is how you turn the carpet bombing fuzz testing approach and make it surgical. Code coverage analysis let's you look at what part of the source code you exercise when you send it different inputs, so that you can make sure you touch everything. This takes a lot of skill, effort, and motivation. Unfortunately, bad guys have a tendency to have all three.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜