Java有缓冲区溢出吗?

发布于 2024-07-11 20:01:24 字数 36 浏览 6 评论 0原文

Java有缓冲区溢出吗? 如果是的话你能给我一些场景吗?

Does Java have buffer overflows?
If yes can you give me scenarios?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(10

回眸一遍 2024-07-18 20:01:24

由于 Java 字符串基于 char 数组,并且 Java 自动检查数组边界,因此缓冲区溢出仅在异常情况下可能发生:

  1. 如果通过 JNI 调用本机代码
  2. 在 JVM 本身中(通常用 C++ 编写)
  3. 解释器或 JIT 编译器无法正常工作(Java字节码强制边界检查)

Since Java Strings are based on char arrays and Java automatically checks array bounds, buffer overflows are only possible in unusual scenarios:

  1. If you call native code via JNI
  2. In the JVM itself (usually written in C++)
  3. The interpreter or JIT compiler does not work correctly (Java bytecode mandated bounds checks)
佞臣 2024-07-18 20:01:24

Java 和 C# 等托管语言不存在这些问题,但实际运行代码的特定虚拟机(JVM/CLR/等)可能存在这些问题。

Managed languages such as Java and C# do not have these problems, but the specific virtual machines (JVM/CLR/etc) which actually run the code may.

很快妥协 2024-07-18 20:01:24

出于所有意图和目的,不。

Java 有数组边界检查,它将检查数据是否无法从分配的数组之外的区域访问。 当尝试访问超出数组大小的区域时,会出现 ArrayOutOfBounds 将抛出异常。

如果存在缓冲区溢出,则可能是 Java 虚拟机中的错误造成的,据我所知,这不是 Java 语言规范或 Java 虚拟机规范中编写的预期行为。

For all intents and purposes, no.

Java has array bounds checking which will check that data cannot be accessed from area outside of the allocated array. When one tries to access area that is beyond the size of the array, an ArrayOutOfBounds exception will be thrown.

If there is a buffer-overrun, it is probably from a bug in the Java Virtual Machine, and is, to my knowledge, not the intended behavior that is written in the Java Language Specifications nor the Java Virtual Machine Specifications.

甜警司 2024-07-18 20:01:24

是和不是。 不,因为您不能真正错误地造成缓冲区溢出漏洞,因为它是托管内存模型。 然而,JVM 和 JDK 中可能存在缓冲区溢出漏洞。 请参阅此 Secunia 公告:

http://secunia.com/advisories/25295

或查看这些旧公告之前的几个 JDK 和 JRE 漏洞:

  • Java 运行时环境 (JRE)“unpack200”JAR 解包实用程序中的整数和缓冲区溢出漏洞可能导致权限升级https://download.oracle.com/sunalerts/1020225.1.html

    <块引用>

    Java 运行时中的整数和缓冲区溢出漏洞
    具有解包小程序和 Java Web Start 的环境 (JRE)
    使用“unpack200”JAR 解包实用程序的应用程序可能允许
    不受信任的小程序或应用程序来升级权限。 例如,
    不受信任的小程序可能会授予自己读取和写入的权限
    本地文件或执行可访问的本地应用程序
    用户运行不受信任的小程序。

    Sun 非常感谢“regenrecht”与 iDefense 的合作
    VCP (http://labs.idefense.com/vcp/) 和 Google 的 Chris Evans
    引起我们对这些问题的关注。

    "

  • Sun Java 开发工具包 (JDK) 和 Java 运行时环境 (JRE) 中已发现多个漏洞。 https://security.gentoo.org/glsa/200705-23

    <块引用>

    涉及“不正确使用系统”的未指定漏洞
    富士通安全团队报告了“类”。此外,
    Google 安全团队的 Chris Evans 报告了整数溢出问题
    导致与 JPG 或 BMP 一起使用的 ICC 解析器中的缓冲区溢出
    文件,以及处理时对 /dev/tty 的不正确的 open() 调用
    某些 BMP 文件。

Yes and no. No, in that you cannot really create mistakenly open yourself up to a buffer overflow vulnerability because it is a managed memory model. However, there can be buffer overflow vulnerabilities in the JVM and JDK. See this Secunia advisory:

http://secunia.com/advisories/25295

Or see these old advisories on several previous JDK and JRE vulnerabilities:

  • Integer and Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) "unpack200" JAR Unpacking Utility May Lead to Escalation of Privileges https://download.oracle.com/sunalerts/1020225.1.html

    Integer and buffer overflow vulnerabilities in the Java Runtime
    Environment (JRE) with unpacking applets and Java Web Start
    applications using the "unpack200" JAR unpacking utility may allow an
    untrusted applet or application to escalate privileges. For example,
    an untrusted applet may grant itself permissions to read and write
    local files or execute local applications that are accessible to the
    user running the untrusted applet.

    Sun acknowledges with thanks, "regenrecht" working with the iDefense
    VCP (http://labs.idefense.com/vcp/) and Chris Evans of Google for
    bringing these issues to our attention.

  • Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). https://security.gentoo.org/glsa/200705-23

    An unspecified vulnerability involving an "incorrect use of system
    classes" was reported by the Fujitsu security team. Additionally,
    Chris Evans from the Google Security Team reported an integer overflow
    resulting in a buffer overflow in the ICC parser used with JPG or BMP
    files, and an incorrect open() call to /dev/tty when processing
    certain BMP files.

淡淡绿茶香 2024-07-18 20:01:24

严格意义上的覆盖堆栈或堆本身的缓冲区溢出需要:

  1. 框架中的错误(这些错误在过去已经存在,并且很可能再次存在)
  2. JNI 的使用(本质上不再使用托管代码)

缓冲区溢出从某种意义上说,您有使用缓冲区的代码,并且您的代码负责正确解析它,但可能无法这样做。
例如,您可能编写一个 XML 解析器,而某人可能会向您提供格式错误(或合法但不常见)的请求,由于解析器的设计,该请求会使用某些有效负载覆盖先前验证的数据,从而导致您的应用程序表现不佳。

后一种形式不太可能出现,但广泛分布的编写糟糕的 sql 字符串清理函数如果存在这样的问题,将是一个诱人的目标。

A buffer overflow in the strict sense of overwriting the stack or heap itself would require either:

  1. A bug in the framework (these have existed in the past and may well again)
  2. The use of JNI (essentially no longer using managed code)

A buffer overflow in the sense that you have code using a buffer and your code is responsible for parsing it correctly but fail to do so is possible.
For example You might write an XML parser and someone could provide you with a malformed (or legitimate but uncommon) request which, owing to the design of your parser overwrites previously validated data with some payload that would cause your application to behave badly.

This latter form is less likely but a poorly written sql string cleansing function widely distributed that had a problem such as this would be an inviting target.

说谎友 2024-07-18 20:01:24

Java(和.Net)虚拟机捕获尝试在保留内存之外写入的代码。 未能正确处理此问题的应用程序仍可能导致安全问题。 例如,如果恶意用户可以通过输入无效输入来触发异常,他们就可以进行拒绝服务攻击。

Java (and .Net) virtual machines catch code that tries to write outside of reserved memory. Applications that don't handle this correctly can still cause security problems. If malicious users can trigger exceptions by entering invalid input they can do denial of service attacks for example.

无语# 2024-07-18 20:01:24

正如已经指出的那样,Java 作为一种语言,对所有内存访问进行边界检查,如果这里出现错误,则错误的是 JVM 而不是程序。 不过需要注意的是,这和Java中的内存泄漏有类似的说法; 虽然不可能破坏堆栈,但在错误位置(未正确处理)的 ArrayOutOfBoundsException 最终可能会搞砸您的系统。

As has already been pointed out, Java has, as a language, bounds checking on all memory access, and if there's an error here, the JVM is at fault and not the program. However, what should be noted, which is a similar argument to memory leaks in Java; while not possible to smash the stack, an ArrayOutOfBoundsException in the wrong place, which is not handled correctly, may still end up screwing up your system.

寄离 2024-07-18 20:01:24

如果您使用 Java Native Interace (JNI) 工具调用外部代码,并且外部代码存在可利用的问题,那么您可能会导致 Java 程序中的缓冲区溢出。 这种情况相当罕见,因为大多数应用程序都会尽可能避免使用 JNI。

You could conceivably cause a buffer overflow in a Java program if you were using the Java Native Interace (JNI) facility to invoke external code, and the external code had an exploitable issue. This is fairly uncommon, as most applications avoid using JNI where possible.

迷爱 2024-07-18 20:01:24

方法有可能写入它不希望写入的数组的有效条目,通常是通过整数溢出。

例如,以下内容不足以检查边界:

/* !! WRONG !! */ 0 <= off && 0 <= len && off+len <= buff.length /* !! WRONG !! */

IIRC,StringBuffer曾经有一个类似的错误,但您无法用它做任何有趣的事情。

It is possible for a method to write into valid entries of an array that it did not intend to, typically through integer overflow.

For instance the following is not sufficient to check bounds:

/* !! WRONG !! */ 0 <= off && 0 <= len && off+len <= buff.length /* !! WRONG !! */

IIRC, StringBuffer once had a bug like that, but there wasn't anything interesting you could do with it.

泅渡 2024-07-18 20:01:24

JAVA 的关键特性之一是安全性。 用解释性语言编写的程序不容易受到缓冲区溢出攻击,但您总是可以在解释器本身中引起缓冲区溢出。
尽管这会很困难。 类似地,Python 也是一种解释性语言,并且不会发生缓冲区溢出。

One of the key features of JAVA is Security. Programs written in interpreted languages are not prone to the buffer overflow exploit, but you can always cause a buffer overflow in Interpreter itself.
Although it will be difficult. Similarly Python also is an interpreted language and is safe from buffer overflow.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文