1. ATI Radeon Xpress 200M (RS400) ( 1933750 MB ) NEC: can this run 炫舞?
2. Why does "Buffer overrun detected" appear right after starting 炫舞?
ATI Radeon Xpress 200M (RS400) ( 1933750 MB ) NEC: can this run 炫舞?
I have seen many users who cannot install the ATI graphics driver (frankly, the ATI driver really is frustrating), so I wrote this post. There is nothing technically deep in it. Thanks to the users and technical supporters who provided the methods!

1. Generally speaking, older ATI cards work well as soon as the system is installed, because AMD published source code for the older cards' drivers, which lets the open-source driver support 3D well. Enabling desktop effects is simple: just select them under System > Preferences > Theme > Effects.

2. Most ATI cards are not so lucky. They need a lot of configuration, you need to know some basic Ubuntu concepts, and it is troublesome if compiling the driver into the kernel goes wrong. The steps are as follows:

(1) Note: the ATI proprietary driver no longer supports ATI Radeon -, X-X, Xpress. Specifically: ATI Radeon Series, ATI Radeon X Series, ATI Radeon Xpress Series. If your card is on this list, please use the open-source driver.

(2) Preparation before installing. Install the required packages:
sudo apt-get install build-essential cdbs fakeroot dh-make debhelper debconf libstdc++5 dkms

(3) Download the latest ATI driver ( /us/gpudownload/Pages/index.aspx): Catalyst 9.6 -- File: ati-driver-installer-9-6-x.x_.run. This package supports X and X. Then, in a terminal, change to the location where the file was downloaded (with the cd command) and build the deb packages:
sh ati-driver-installer-9-6-x.x_.run --buildpkg Ubuntu/jaunty

(4) Install.
-bit:
sudo dpkg -i xorg-driver-fglrx_*.deb fglrx-kernel-source_*.deb fglrx-amdcccle_*.deb
-bit:
sudo dpkg -i xorg-driver-fglrx_*.deb fglrx-kernel-source_*.deb fglrx-amdcccle_*.deb

(5) Finishing up:
sudo gedit /etc/X/xorg.conf
Add the following statements to the xorg file (if your file does not already contain them); do not include the [...]:
[...]Section "Device" [...] Identifier "SOME IDENTIFIER" [...] Driver "fglrx" [...]EndSection
Save and exit.

(6) Reboot and run fglrxinfo. You should see the following information: display: :0.0
Why does "Buffer overrun detected" appear right after starting 炫舞?
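detected-DesInitScan buffer overflow; this looks like a very serious buffer overflow.

A buffer overflow is a very common and very dangerous vulnerability that exists widely in operating systems and application software. A buffer overflow attack can cause a program to fail, or the system to crash or reboot. More seriously, it can be used to execute unauthorized instructions and even to obtain system privileges, and from there to carry out all kinds of illegitimate operations. Buffer overflow attacks go by several English names: buffer overflow, buffer overrun, smash the stack, trash the stack, scribble the stack, mangle the stack, memory leak, overrun screw; they all refer to the same attack technique. The first buffer overflow attack, the Morris worm, took place twenty years ago and brought down many network servers around the world.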
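1. Concept
A buffer overflow occurs when a computer fills a buffer with more data than the buffer itself can hold, and the overflowing data overwrites legitimate data. Ideally, a program checks the length of the data and does not accept input longer than the buffer, but the vast majority of programs assume that the data length always matches the allocated storage, and this plants the seed of a buffer overflow. The buffer used by the operating system is also called the "stack". Between operations, instructions are stored temporarily on the "stack", and the "stack" can overflow as well.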
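2. Harm
In current network and distributed-system security, more than % of what is widely exploited are buffer overflows, and the best-known example is the worm of  that exploited the fingerd vulnerability. Among buffer overflows, the most dangerous is the stack overflow, because an intruder can use it to change the address the program returns to when a function returns, making it jump to an arbitrary address. One consequence is that the program crashes, causing a denial of service; the other is that execution jumps to and runs a piece of malicious code, for example to obtain a shell and then do whatever the intruder wants.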
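3. Buffer attacks
I. How buffer overflows work
Writing content that exceeds a buffer's length into a program's buffer makes the buffer overflow, which corrupts the program's stack and makes the program execute other instructions instead, achieving the attacker's goal. The cause of a buffer overflow is that the program does not carefully check the parameters supplied by the user. Take the following program as an example: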
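#include <string.h>
#define BUF_LEN 16  /* placeholder: the array size is missing from the page */
void function(char *str) {
    char buffer[BUF_LEN];   /* fixed-size buffer on the stack */
    strcpy(buffer, str);    /* deliberately vulnerable: no length check */
}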
The strcpy() above copies the contents of str straight into buffer. So whenever the length of str is greater than , buffer overflows and the program misbehaves. Other standard functions with the same problem as strcpy include strcat(), sprintf(), vsprintf(), gets(), scanf(), and so on.
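The unchecked copy above next to a bounded form, as an added example that is not part of the original page. `BUF_LEN`, `copy_checked`, `function_checked` and `format_checked` are hypothetical names, and the size 16 is an assumption because the page's own value is missing.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16 /* assumed size; the page's own array size is missing */

/* Bounded copy: returns 0 on success, -1 if src does not fit in dst.
 * On failure dst holds an empty string, never a truncated one. */
int copy_checked(char *dst, size_t dst_len, const char *src) {
    if (dst == NULL || dst_len == 0) return -1;
    dst[0] = '\0';
    if (src == NULL) return -1;
    /* memchr() stops at the terminator or after dst_len bytes. */
    const char *end = memchr(src, '\0', dst_len);
    if (end == NULL) return -1; /* terminator would not fit: refuse */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Hardened form of the page's function(): overlong input is refused
 * and the caller is told, instead of the stack being overwritten. */
int function_checked(const char *str) {
    char buffer[BUF_LEN];
    if (copy_checked(buffer, sizeof buffer, str) != 0) return -1;
    return (int)strlen(buffer);
}

/* Same idea for sprintf(): snprintf() returns the length it needed,
 * so truncation is detected rather than overflowing. */
int format_checked(const char *name) {
    char buffer[BUF_LEN];
    int need = snprintf(buffer, sizeof buffer, "user=%s", name);
    if (need < 0 || (size_t)need >= sizeof buffer) return -1;
    return need;
}

int main(void) {
    printf("%d\n", function_checked("short"));                  /* fits */
    printf("%d\n", function_checked("far longer than sixteen bytes"));
    printf("%d\n", format_checked("alice"));
    return 0;
}
```

Rejecting overlong input, rather than silently truncating it, keeps the caller from acting on a partial string.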
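Of course, stuffing arbitrary data into a buffer until it overflows usually produces only a "Segmentation fault" and does not achieve an attack. The most common technique is to use a buffer overflow to make the program run a user shell, and then execute other commands through that shell. If the program is owned by root and has the suid permission, the attacker obtains a shell with root privileges and can do anything to the system.
Buffer overflow attacks have become a common attack technique because buffer overflow vulnerabilities are so widespread and are easy to exploit. Moreover, buffer overflows have become the main means of remote attack because a buffer overflow vulnerability gives the attacker everything he wants: the ability to inject and execute attack code. The injected attack code runs with the privileges of the program that has the buffer overflow vulnerability, and so gains control of the attacked host.
Of the 5 remote attacks that Lincoln Laboratory used in  to evaluate intrusion detection, 2 were buffer overflows. Of the  CERT advisories in , 9 were related to buffer overflows, and in , at least half of the advisories were related to buffer overflows. In a Bugtraq survey, 2/3 of the respondents considered buffer overflow vulnerabilities a very serious security problem.
Buffer overflow vulnerabilities and attacks come in many forms, which are described and classified in Section II. Defenses differ according to the attack method and are described in Section IV, which covers the effective defenses against each type of attack.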
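II. Buffer overflow vulnerabilities and attacks
The goal of a buffer overflow attack is to subvert the function of a program that runs with some privilege, so that the attacker gains control of the program; if the program has sufficient privileges, the whole host is then under the attacker's control. Typically, the attacker attacks a root program and then executes code similar to "exec(sh)" to obtain a shell with root privileges. To do this, the attacker must achieve the following two goals:
1. Arrange for suitable code to be present in the program's address space.
2. By suitably initializing registers and memory, make the program jump to the address space the intruder has arranged and execute there.
Buffer overflow attacks are classified according to these two goals. Section II.1 describes how attack code is placed in the address space of the attacked program. Section II.2 describes how the attacker overflows a buffer of a program and transfers execution to the attack code (this is where the name "overflow" comes from). Section II.3 combines the techniques discussed in the two preceding sections for arranging code and controlling the program's execution flow.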
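II.1 Ways to arrange suitable code in the program's address space
There are two ways to arrange attack code in the address space of the attacked program:
1. Injection:
The attacker feeds a string to the attacked program, and the program places that string in a buffer. The data in the string is a sequence of instructions that can run on the attacked hardware platform. Here the attacker uses the attacked program's own buffer to hold the attack code. The buffer can be located anywhere: on the stack (automatic variables), on the heap (dynamically allocated memory), or in the static data area.
2. Using code that is already there:
Sometimes the code the attacker wants is already in the attacked program, and all the attacker has to do is pass it some parameters. For example, the attack code needs to execute "exec("/bin/sh")", and code in the libc library executes "exec(arg)", where arg is a pointer parameter that points to a string; the attacker then only has to change the pointer that is passed in so that it points to "/bin/sh".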
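II.2 Ways to transfer program control to the attack code
All of these methods seek to change the program's execution flow so that it jumps to the attack code. The most basic is to overflow a buffer that has no bounds checking or has some other weakness, which disrupts the program's normal order of execution. By overflowing a buffer, the attacker can overwrite adjacent program space by brute force and bypass the system's checks directly.
The classification here is based on the type of program space the attacker seeks to overflow. In principle it can be any space. In practice, many buffer overflows seek to change a program pointer by brute force. These differ in which program space is breached and where in memory it is located. There are three main kinds:
1. Activation Records: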
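Whenever a function call occurs, the caller leaves an activation record on the stack, which contains the address to return to when the function ends. By overflowing an automatic variable on the stack, the attacker makes the return address point to the attack code. Because the program's return address has been changed, when the function call ends the program jumps to the address set by the attacker rather than to the original address. This kind of buffer overflow is called a Stack Smashing Attack and is currently the most commonly used form of buffer overflow attack.
2. Function Pointers:
A function pointer can be used to locate any address space. For example, "void (* foo)()" declares a function pointer variable foo whose return type is void. So the attacker only needs to find an overflowable buffer near a function pointer in any space, and then overflow that buffer to change the function pointer. At some later moment, when the program calls a function through the function pointer, the program's flow goes where the attacker intended. One example of this attack is the superprobe program on Linux.
3. Longjmp buffers:
The C language includes a simple checkpoint/restore system called setjmp/longjmp. The idea is to set a checkpoint with "setjmp(buffer)" and to restore the checkpoint with "longjmp(buffer)". However, if the attacker can get into the buffer's space, then "longjmp(buffer)" actually jumps to the attacker's code. Like a function pointer, a longjmp buffer can point anywhere, so all the attacker has to do is find a buffer that can be overflowed. A typical example is the buffer overflow vulnerability in Perl 5.: the attacker first gets into the longjmp buffer used to recover from buffer overflows and then induces the program to enter recovery mode, which makes the Perl interpreter jump to the attack code.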
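II.3 Combined analysis of code injection and flow control techniques
The simplest and most common type of buffer overflow attack combines code injection and the activation record technique in a single string. The attacker locates an automatic variable that can be overflowed and then passes the program a very large string, which triggers the buffer overflow and changes the activation record while injecting the code at the same time. This is the attack template pointed out by Levy. Because C by habit allocates only small buffers for user input and parameters, instances of this kind of attack are very common.
Code injection and the buffer overflow do not have to be done in a single action. The attacker can place the code in one buffer, which is a buffer that is not overflowed. Then the attacker overflows a different buffer to redirect the program's pointer. This method is generally used when the overflowable buffer is not large enough to hold all of the code.
If the attacker tries to use code that is already resident instead of injecting code from outside, the code usually has to be called with parameters. For example, some code segments in libc (which almost every C program links against) execute "exec(something)", where something is a parameter. The attacker then uses a buffer overflow to change the program's parameter, and uses another buffer overflow to make the program pointer point to that particular code segment in libc.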
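III. Experimental analysis of a buffer overflow attack
In January , the Cerberus security team published a buffer overflow vulnerability in Microsoft IIS 4/5. Attacking this vulnerability can crash the web server, or even obtain superuser privileges and execute arbitrary code. Microsoft IIS 4/5 is currently a mainstream web server program, so this buffer overflow vulnerability poses a great threat to the security of web sites. It is described as follows:
The browser sends IIS an HTTP request in which a file name ending in the suffix ".htr" follows the domain name (or IP address). IIS then considers that the client is requesting a ".htr" file. The ".htr" extension is mapped to an ISAPI (Internet Service API) application: IIS redirects all requests for ".htr" resources to the ISM.DLL program, and ISM.DLL opens the file and executes it.
The file name contained in the request submitted by the browser is stored in a local variable buffer. If it is very long, exceeding  characters, it overflows the local variable buffer and overwrites the return address space, crashing IIS. Going a step further, injecting a piece of carefully designed code into the 2K buffer shown in Figure 1 can make it run with system superuser privileges.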
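IV. Defenses against buffer overflow attacks
Buffer overflow attacks account for the vast majority of remote network attacks, and they can give an anonymous Internet user the chance to obtain partial or full control of a host. If buffer overflow vulnerabilities could be eliminated effectively, a large share of security threats would be mitigated.
There are currently four basic ways to protect buffers from buffer overflow attacks and their effects. Section IV.1 describes making buffers non-executable through the operating system, which prevents the attacker from injecting attack code. Section IV.2 describes the approach of insisting on writing correct code. Section IV.3 describes using compiler bounds checking to protect buffers. This method makes buffer overflows impossible and so removes the threat completely, but its cost is comparatively high. Section IV.4 describes an indirect method that performs an integrity check on program pointers before they are used. Although this method cannot defeat every buffer overflow, it stops the vast majority of buffer overflow attacks. Section IV.5 then analyzes the compatibility and performance advantages of this protection method.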
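IV.1 Non-executable buffers
Making the data segment address space of the attacked program non-executable, so that the attacker cannot execute code injected into the attacked program's input buffer, is known as the non-executable buffer technique. Early Unix system designs allowed program code to execute only in the code segment. More recent Unix and MS Windows systems, however, often place executable code dynamically in the data segment in order to achieve better performance and functionality, and this is also a root cause of buffer overflows. To preserve program compatibility, it is not possible to make the data segment of every program non-executable.
It is possible, however, to make the stack data segment non-executable, and this preserves program compatibility. Both Linux and Solaris have released kernel patches for this. Because almost no legitimate program stores code on the stack, this approach causes almost no compatibility problems, except for two special cases on Linux in which executable code must be placed on the stack:
(1) Signal delivery:
Linux delivers Unix signals to a process by placing code on the process stack and then raising an interrupt to execute the code on the stack. The non-executable buffer patch allows the buffer to be executable while a signal is being delivered.
(2) GCC's online reuse:
Research found that gcc places executable code in the stack area for online reuse. However, turning this feature off causes no problems; only some functionality appears to become unusable.
Non-executable stack protection is effective against buffer overflow attacks that inject code into automatic variables, but it has no effect on other forms of attack. It can be bypassed by pointing a pointer at a resident program. Other attacks can bypass the protection by injecting code into the heap or the static data segment.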
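IV.2 Writing correct code
Writing correct code is very worthwhile work, especially for programs in a language like C, whose style is free-form and error-prone; that style comes from a tradition of pursuing performance while neglecting correctness. Although it took a long time for people to learn how to write secure programs, programs with security vulnerabilities still appear. People have therefore developed tools and techniques to help less experienced programmers write secure, correct programs.
The simplest method is to use grep to search the source code for calls to library functions that easily lead to vulnerabilities, such as calls to strcpy and sprintf, neither of which checks the length of its input arguments. In fact, every version of the C standard library has this problem.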
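A minimal version of that grep-style search, as an added example that is not from the original page: it counts calls to the functions the page lists, matching whole identifiers so that `snprintf(` or a wrapper such as `my_strcpy(` is not reported. `count_calls`, `count_risky` and the sample source text are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Functions the page names as copying without a length check. */
static const char *const RISKY[] = {
    "strcpy", "strcat", "sprintf", "vsprintf", "gets", "scanf"
};
#define N_RISKY (sizeof RISKY / sizeof RISKY[0])

/* Constructed sample input, not taken from any real project. */
static const char SAMPLE[] =
    "void f(char *s) {\n"
    "    char b[16];\n"
    "    strcpy(b, s);\n"
    "    snprintf(b, sizeof b, \"%s\", s);\n"
    "    my_strcpy(b, s);\n"
    "    strcat (b, s);\n"
    "    gets(b);\n"
    "}\n";

static int is_ident(char c) { return isalnum((unsigned char)c) || c == '_'; }

/* Count calls to fn in C source text: a whole identifier equal to fn,
 * followed by optional blanks and '('. Comments and string literals are
 * not skipped, so this is grep-level triage, not proof. */
size_t count_calls(const char *src, const char *fn) {
    size_t hits = 0, want = strlen(fn);
    for (const char *p = src; *p != '\0'; ) {
        if (!is_ident(*p)) { p++; continue; }
        const char *start = p;
        while (is_ident(*p)) p++;
        const char *q = p;
        while (*q == ' ' || *q == '\t') q++;
        if (*q == '(' && (size_t)(p - start) == want &&
            memcmp(start, fn, want) == 0) hits++;
    }
    return hits;
}

/* Total calls to any function in RISKY. */
size_t count_risky(const char *src) {
    size_t total = 0;
    for (size_t i = 0; i < N_RISKY; i++) total += count_calls(src, RISKY[i]);
    return total;
}

int main(void) { printf("risky calls: %zu\n", count_risky(SAMPLE)); return 0; }
```

A hit only marks a call site for review; whether it can overflow depends on how the destination size and the input are related.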
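In addition, people have developed some more advanced debugging tools, such as fault injection. The purpose of these tools is to find security vulnerabilities in code by deliberately and randomly generating buffer overflows. There are also static analysis tools for detecting the presence of buffer overflows.
Although these tools help programmers develop more secure programs, the nature of the C language means they cannot find every buffer overflow vulnerability. So debugging techniques can only reduce the likelihood of buffer overflows; they cannot eliminate them completely.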