Source Code Auditing
Contents
People are bad programmers.
Why read the source?
- Best way to find the bugs
- Easier than reversing the assembly
- Fuzzers exist
- The more you understand, the easier it is to exploit
Types of Bad Stuff...
Bad API usage
printf(fmtString)
- Format string vulnerability
strcpy
- Keeps writing until a null terminator
- What if there is no null-byte?
strncpy
- Doesn't place a null-terminator by itself
- What if there is no null-byte?
memset(s, 100, 0)
- Sets 0 bytes to 100 (the value and length arguments are swapped)
memset(..., ..., 0)
- Does nothing!!!
Integer overflows
Type conversions
Casting between int and short, etc.
(int) 0x10000000 -> (short) 0x0000
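The strncpy, memset and narrowing-cast pitfalls from the Bad API usage and Type conversions slides, as an added C example that is not part of the slides; BUF_LEN, the helper names and the constructed inputs are mine:

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8   /* constructed fixed-size destination buffer */

/* strncpy() writes at most n bytes and adds no terminator when src is
 * n bytes or longer. Returns true if the buffer ended up NUL-terminated. */
bool strncpy_is_terminated(const char *src) {
    char buf[BUF_LEN];
    memset(buf, 'X', sizeof buf);      /* pre-fill so a missing NUL is visible */
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* Hardened copy: bound to n-1 bytes and always write the terminator. */
void bounded_copy(char *dst, size_t n, const char *src) {
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
}

bool bounded_copy_is_terminated(const char *src) {
    char buf[BUF_LEN];
    memset(buf, 'X', sizeof buf);
    bounded_copy(buf, sizeof buf, src);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* memset(s, value, count): with value and count swapped (count == 0) nothing
 * is cleared. Returns how many bytes are still non-zero afterwards. */
size_t nonzero_after_memset(bool swapped) {
    unsigned char buf[BUF_LEN];
    memset(buf, 0xAA, sizeof buf);     /* simulate stale data in the buffer */
    int value = swapped ? (int)sizeof buf : 0;
    size_t count = swapped ? 0 : sizeof buf;
    memset(buf, value, count);         /* swapped == the slide's memset(s, 100, 0) */
    size_t left = 0;
    for (size_t i = 0; i < sizeof buf; i++)
        left += buf[i] != 0;
    return left;
}

/* Narrowing cast keeps only the low 16 bits: 0x10000000 -> 0x0000. */
short narrow_to_short(int v) {
    return (short)v;
}

int main(void) {
    printf("strncpy terminated: %d\n", strncpy_is_terminated("exactly8"));
    printf("bytes left after swapped memset: %zu\n", nonzero_after_memset(true));
    printf("(short)0x10000000 = %d\n", narrow_to_short(0x10000000));
    return 0;
}
```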
Race conditions
Two functions that must be executed in order.
If they're not completed in the right order, what happens?
Array out of bounds access
Incorrect operator usage
Incorrect pointer arithmetic
Logic bugs
Yeah.