Buffer Overflow Vulnerabilities Checking Tools Design And Implement

Posted on: 2007-04-02
Degree: Master
Type: Thesis
Country: China
Candidate: Y L Ding
Full Text: PDF
GTID: 2178360242461848
Subject: Computer software and theory

Abstract/Summary:
Buffer overflow is now the leading security problem in software. When programmers forget to check buffer boundaries, or use standard C library string functions that do not check buffer boundaries, buffer overflow vulnerabilities are produced.

By analyzing the theory and types of buffer overflow vulnerabilities, formal definitions of the object under test are proposed, and the operations on buffers and the states of buffers are defined. Based on these definitions, a checking model for buffer overflow vulnerabilities is proposed, together with four buffer overflow checking rules and one theory. For a buffer overflow vulnerability to occur, two necessary conditions must hold: first, a buffer has been defined in the C source code; second, the programmer did not check the boundary of that buffer. The checking theory, which is based on buffer status, is used to check for buffer overflow vulnerabilities.

A buffer overflow checking tool is designed and implemented based on the checking model. It avoids the heavy work of adding comments to the source code, and it prevents the executable code from being expanded. The tool scans C source code and checks it for buffer overflow vulnerabilities based on three rules and the theory. It is composed of an input module, a lexical analysis module, a syntax analysis module, a semantic analysis module and an output module. The tool implements checking for pointer overflow, array overflow, record object overflow and overflow in some C standard library functions in C source code.

The research and experiments show that the tool can check for pointer overflow, array overflow, record object overflow and some C standard library function overflow vulnerabilities, and that it can check for buffer overflow vulnerabilities in huge C source programs quickly. The checking tool is therefore a practical buffer overflow vulnerability checking tool.
Keywords/Search Tags: buffer overflow, checking model, checking tool, checking rules