
Format String Bugs Detection Technologies For C Programs

Posted on: 2009-05-30
Degree: Master
Type: Thesis
Country: China
Candidate: H Huang
GTID: 2178360278956912
Subject: Computer Science and Technology
Abstract/Summary:
The C programming language is one of the most widely used languages, but it carries some inherent security problems, of which format string vulnerabilities are a typical example. Although this class of bug was discovered relatively late, it has done as much harm as other notorious defects such as buffer overflows. An experienced attacker can exploit a format string bug to overwrite the return address of a function call, causing malicious code to execute and gaining root privilege on the target.

CQual is a lightweight program analysis tool. Like other static analysis tools, it produces false positives in some situations. In this thesis we analyze, through a piece of example code, the false positives CQual produces on structs. To reduce them and improve precision, we add a record type to the lambda calculus to model C structs, use it to model the relations among the fields of a struct, and extend the rules for type inference, type checking and constraint solving. In theory this removes some false positives in format string bug detection, const inference and deadlock detection. To evaluate the extension we build a tool named ECQual on top of CQual and use it to check for format string bugs in several network programs. Compared with the results of CQual, it removes one class of false positives, those related to struct fields.

Building on earlier approaches to format string bug detection, we propose a method named LibFmtGrd, which combines DLL injection with a comparison of the number of parameters to detect potential format string attacks. We implement the tool on the Linux platform and run experiments. The results show that it finds most kinds of format string bugs, and that its runtime overhead is 0.17% and 2.29% lower than that of FormatGuard and FormatShield respectively.
Keywords/Search Tags:Format String Bug, CQual, Removing False Positive, LibFmtGrd
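The detection idea the abstract describes, comparing the number of arguments a format string consumes with the number the call site actually supplied, as an added C example written for this page; it is not code from the thesis, CQual, ECQual or LibFmtGrd. fmt_arg_count parses a printf-style format and counts the arguments it would consume, fmt_call_ok compares that with what the caller passed, and SAFE_PRINTF counts the call site's arguments with a preprocessor trick of the kind FormatGuard used. All function and macro names are hypothetical, the attacker string in main is constructed for the demonstration, and the check runs in a wrapper rather than in an injected library.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Count how many variadic arguments a printf-style format string consumes.
 * Returns -1 for formats that must be rejected outright: a truncated or
 * unknown conversion, a positional "%1$s" form (not handled here, so treated
 * as suspicious), or "%n", the memory-write primitive an attacker uses to
 * overwrite a return address as described in the abstract.
 */
int fmt_arg_count(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                       /* "%%" prints a literal '%' */
            continue;
        while (*p && strchr("-+ #0", *p))    /* flags */
            p++;
        if (*p == '*') {                     /* width taken from an argument */
            n++;
            p++;
        } else {
            while (*p >= '0' && *p <= '9')
                p++;
        }
        if (*p == '.') {                     /* precision */
            p++;
            if (*p == '*') {
                n++;
                p++;
            } else {
                while (*p >= '0' && *p <= '9')
                    p++;
            }
        }
        while (*p && strchr("hlLjzt", *p))   /* length modifiers */
            p++;
        if (*p == '\0' || *p == 'n' || !strchr("diouxXeEfFgGaAcsp", *p))
            return -1;
        n++;                                 /* one argument per conversion */
    }
    return n;
}

/*
 * The parameter-count comparison: the format must be well formed and must
 * not consume more arguments than the call site supplied.
 * Returns 1 when the call is allowed, 0 when it should be blocked.
 */
int fmt_call_ok(int supplied, const char *fmt)
{
    int needed = fmt_arg_count(fmt);
    return needed >= 0 && needed <= supplied;
}

/* Wrapper that refuses to print when the check fails.  Returns the number
 * of characters written, or -1 when the call was blocked. */
int guarded_printf(int supplied, const char *fmt, ...)
{
    if (!fmt_call_ok(supplied, fmt)) {
        fprintf(stderr, "blocked: format needs %d argument(s), call site passed %d\n",
                fmt_arg_count(fmt), supplied);
        return -1;
    }
    va_list ap;
    va_start(ap, fmt);
    int written = vprintf(fmt, ap);
    va_end(ap);
    return written;
}

/* Count the call site's arguments at compile time so the wrapper can compare
 * them against the format.  Handles up to 8 arguments after the format. */
#define ARG_COUNT_(_1, _2, _3, _4, _5, _6, _7, _8, _9, N, ...) N
#define ARG_COUNT(...) ARG_COUNT_(__VA_ARGS__, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0)
#define SAFE_PRINTF(...) guarded_printf(ARG_COUNT(__VA_ARGS__) - 1, __VA_ARGS__)

/* The bug class under discussion: user-controlled text used as the format.
 * Equivalent to the classic printf(user); the call site passes no
 * arguments, so any conversion in the user text is an attack indicator. */
int log_vulnerable(const char *user)
{
    return SAFE_PRINTF(user);
}

/* Hardened form: the user text is data, never a format. */
int log_hardened(const char *user)
{
    return SAFE_PRINTF("%s\n", user);
}

int main(void)
{
    /* Constructed attacker input: walks up the stack with %x, then %n writes. */
    const char *attack = "%08x.%08x.%08x.%n";
    printf("vulnerable path blocked: %d\n", log_vulnerable(attack) == -1);
    printf("hardened path wrote %d bytes\n", log_hardened(attack));
    return 0;
}
```

A count check of this kind catches the pattern in the abstract (a format that reads past the supplied arguments and then writes with %n) as well as the ordinary too-few-arguments bug, but it cannot flag a format whose conversion count matches the call site while the types are wrong, for example "%s" paired with an integer argument. That blind spot is inherent to counting-based checks, which is why such tools are described as finding most, rather than all, format string bugs.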