
The Analysis Of The Program Security Based On C Language

Posted on: 2008-08-11
Degree: Master
Type: Thesis
Country: China
Candidate: S Y Liu
GTID: 2178360242960269
Subject: Computer applications
Abstract/Summary:
With the extensive application of software and network technology, and with the availability of free software represented by the Linux OS, the computer has rapidly become an economical, efficient, and widely used tool. As a result, more and more software faces a key problem: security. Computer security problems are hidden in a large amount of software (introduced both consciously and unconsciously), such as system intrusion, information theft, viruses, and vulnerabilities caused by problems in the programming language and in the software itself, so unexpected errors may occur when the software is in use. It is critical to take security into consideration while developing systems, finding and eradicating defects as early as possible before the systems go into operation, so that losses in the project are reduced.

A vulnerability is caused by defects (deliberately made) in hardware, software, the concrete implementation of a protocol, or the system security policy, which make it possible for attackers to access or damage the system. A vulnerability in system security refers to the elements that may threaten or damage the security of a computer system (integrity, applicability, privacy, protection, reliability, controllability). A vulnerability by itself does not cause any loss of system security. The key point is that attackers can make use of these vulnerabilities to cause security problems. The paper expounds in detail on vulnerabilities in the C language and analyzes the definition, classification and use of vulnerabilities.

The C language was developed from two earlier languages, BCPL and B. At the very beginning it was used as the development language of the UNIX system, which attracted widespread attention. Nowadays almost all new mainstream operating systems are written in C or C++. C can be used on many computers without depending on the hardware. With careful design, programmers can write C programs that are portable to other computers. However, the C language has inherent limitations.

Because the language is so flexible, C or C++ allows excess data to be written to arbitrary parts of the remaining memory. A buffer is a place in memory where data is stored. A buffer overflow happens when there is not enough space for the data. Buffer overflow is the most common means of attack among security vulnerabilities. Bad programming habits among C programmers easily cause buffer overflows, which may lead to unexpected results. Buffer overflow is a means of attacking a system: by writing content that exceeds the buffer's length into the buffer, it corrupts the stack and makes the program execute other instructions to achieve the attacker's purpose. Statistically, 80% of system attacks are through buffer overflow. Common buffer overflows can be divided into the following kinds: heap overflow, stack overflow, array index errors, format string bugs, and buffers whose sizes are incompatible between Unicode and ANSI encodings.

The great majority of buffer overflow problems in C can be traced directly back to the standard C library. The most harmful source is the problematic string-handling functions, which do not check their arguments. The buffer overflow problems caused by string library functions mainly exist in the string functions provided by C or C++: the destination buffer is unable to accommodate the number of characters supplied by the source string, as with fgets(char *string, int n, FILE *stream) and memcpy(void *dest, const void *src, size_t count). When the characters actually read from the source address exceed the size of the destination buffer, the running program behaves in one of two ways: sometimes data in memory adjacent to the destination buffer is overwritten, and sometimes a memory access error is reported. Therefore great caution is needed in the use of C library functions when writing programs in C.

A system call is the functional interface between programs in user space and the operating system kernel in kernel space. It acts as a go-between, passing the requests of a user process to the kernel and, once the requests have been handled, sending the results back to user space. To accomplish their tasks, users have to make use of system calls, which is where security problems arise. Unexpected security problems therefore also exist in some C call functions, such as getenv() and getopt().

Based on the above analysis of the various insecure factors of C and C++, readers may gain a further understanding of this universally applied language. C is a popular high-level computer language. As any language has more or less defects, an effective way to avoid system security vulnerabilities is to acquire more insight into the C language and develop good programming habits.
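The following C sketch illustrates the library-function caution described in the abstract; it is an added example, not code from the thesis. The helper names copy_checked, read_line and env_copy are hypothetical wrappers around memcpy, fgets and getenv that check the destination size before any byte is written.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* memcpy never checks the destination; refuse a count that does not fit. */
int copy_checked(void *dest, size_t dest_size, const void *src, size_t count)
{
    if (dest == NULL || src == NULL)
        return EINVAL;
    if (count > dest_size)
        return ERANGE;      /* would overwrite memory next to dest */
    memcpy(dest, src, count);
    return 0;
}

/* Read one line: 0 on success, EOF at end of input or on a read error,
 * ERANGE when the line did not fit and was truncated. */
int read_line(FILE *stream, char *buf, size_t size)
{
    if (stream == NULL || buf == NULL || size < 2 || size > (size_t)INT_MAX)
        return EINVAL;
    if (fgets(buf, (int)size, stream) == NULL)
        return EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    int c = fgetc(stream);  /* no newline seen: end of input or truncation? */
    if (c == EOF)
        return 0;           /* last line of input had no newline */
    ungetc(c, stream);
    return ERANGE;          /* rest of the line is still unread */
}

/* Copy an environment variable, NUL included, into a fixed-size buffer. */
int env_copy(const char *name, char *dest, size_t dest_size)
{
    if (name == NULL || dest == NULL || dest_size == 0)
        return EINVAL;
    dest[0] = '\0';         /* dest stays a valid empty string on failure */
    const char *value = getenv(name);
    if (value == NULL)
        return ENOENT;
    return copy_checked(dest, dest_size, value, strlen(value) + 1);
}
```

Each wrapper returns an error code instead of writing past the buffer, so the caller decides whether to reject the input or allocate a larger buffer.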
Keywords/Search Tags: buffer overflow, security vulnerability, system invoking, attack