The memory allocation functions of the C language include malloc(), kmalloc(), smalloc(), xmalloc(), realloc(), calloc(), GlobalAlloc(), HeapAlloc() and so on. Taking malloc() as an example, the prototype of the malloc() function is:
extern void *malloc(unsigned int num_bytes);
The malloc() function allocates num_bytes bytes of memory and returns a pointer to this memory. When the integer that gives the allocation length comes from an untrusted source that may be contaminated, and the external input is not effectively validated, this can lead to an extremely large memory allocation. Untrusted sources that may be contaminated include: command line parameters, configuration files, network communications, databases, environment variables, registry values, and other input from outside the application.
When contaminated data is used directly as the length parameter of a memory allocation function, for example by passing in a very large integer value, the program allocates a correspondingly huge block of memory. This imposes heavy memory overhead on the system and can even lead to a denial of service attack.
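The tainted pattern described above next to a bounded alternative, as an added example that is not code from the original article. The record layout (a 4-byte big-endian length followed by the payload), the 1 MiB MAX_PAYLOAD limit, the status codes and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define MAX_PAYLOAD (1u << 20) /* assumed policy limit: 1 MiB per record */
enum { REC_OK = 0, REC_SHORT = -1, REC_BAD_LEN = -2, REC_TRUNCATED = -3, REC_NOMEM = -4 };

/* Constructed sample records: 4-byte big-endian length, then payload. */
static const unsigned char good_record[]  = {0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
static const unsigned char huge_record[]  = {0xFF, 0xFF, 0xFF, 0xF0, 'a', 'b', 'c'};
static const unsigned char lying_record[] = {0x00, 0x00, 0x10, 0x00, 'a', 'b', 'c'};

/* Decode the untrusted length field. */
static uint32_t read_len(const unsigned char *buf) {
    return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
           ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
}

/* Tainted pattern from the text: the external length goes straight to malloc(). */
void *alloc_unchecked(const unsigned char *buf) {
    return malloc(read_len(buf)); /* huge_record would request almost 4 GiB */
}

/* Checked version: validate the length before any allocation happens. */
int copy_payload(const unsigned char *buf, size_t buf_len,
                 unsigned char **out, uint32_t *out_len) {
    *out = NULL; *out_len = 0;
    if (buf_len < 4) return REC_SHORT;                 /* no complete length field */
    uint32_t n = read_len(buf);
    if (n == 0 || n > MAX_PAYLOAD) return REC_BAD_LEN; /* outside the policy bound */
    if (n > buf_len - 4) return REC_TRUNCATED;         /* claims more than was received */
    unsigned char *p = malloc(n);
    if (p == NULL) return REC_NOMEM;                   /* allocation can still fail */
    memcpy(p, buf + 4, n);
    *out = p; *out_len = n;
    return REC_OK;
}

/* Parse a record, release the copy, and return only the status code. */
int classify_record(const unsigned char *buf, size_t buf_len) {
    unsigned char *p; uint32_t n;
    int rc = copy_payload(buf, buf_len, &p, &n);
    free(p);
    return rc;
}

int main(void) { /* exit status 0 when all three samples classify as expected */
    return !(classify_record(good_record, sizeof good_record) == REC_OK &&
             classify_record(huge_record, sizeof huge_record) == REC_BAD_LEN &&
             classify_record(lying_record, sizeof lying_record) == REC_TRUNCATED);
}
```

The second check matters as much as the first: a length that is within the policy limit but larger than the data actually received is still rejected before malloc() is called.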
Related vulnerabilities are also recorded in CVE. From January 2018 to March 2019, there were 4 related vulnerability entries in CVE. The vulnerability information is as follows:
| Overview |
|---|
| There is a security vulnerability in the '__zzip_parse_root_directory' function of the zzip/zip.c file in ZZIPlib version 0.13.68. A remote attacker could exploit this vulnerability to cause a denial of service (uncontrolled memory allocation and crash) using a specially crafted zip file. |
| There is a security vulnerability in the 'PoDoFo::PdfVecObjects::Reserve' function of the base/PdfVecObjects.h file in PoDoFo version 0.9.5. A remote attacker could exploit this vulnerability to cause a denial of service (uncontrolled memory allocation) using a specially crafted PDF file. |
| There is a security vulnerability in the 'PdfParser::ReadXRefSubsection' function of the base/PdfParser.cpp file in PoDoFo version 0.9.5. This vulnerability comes from the fact that the program does not control the allocation of memory. A remote attacker could exploit this vulnerability to cause a denial of service using a specially crafted PDF file. |