当前位置: 代码迷 >> 综合 >> Large stack use Severity:High Techniacl Impact:Denial of service, unreliable execution
  详细解决方案

Large stack use Severity:High Techniacl Impact:Denial of service, unreliable execution

热度:58   发布时间:2024-01-09 07:43:03.0

Q:Large stack use Severity:High Techniacl Impact:Denial of service, unreliable execution

Explain:

栈:在Windows下,栈是向低地址扩展的数据结构,是一块连续的内存的区域。这句话的意思是栈顶的地址和栈的最大容量是系统预先规定好的,在WINDOWS下,栈的大小是2M(也有的说是1M,总之是一个编译时就确定的常数),如果申请的空间超过栈的剩余空间时,将提示overflow。因此,能从栈获得的空间较小。

 堆和栈中的存储内容

栈: 在函数调用时,第一个进栈的是主函数中后的下一条指令(函数调用语句的下一条可执行语句)的地址,然后是函数的各个参数,在大多数的C编译器中,参数是由右往左入栈的,然后是函数中的局部变量。注意静态变量是不入栈的。
当本次函数调用结束后,局部变量先出栈,然后是参数,最后栈顶指针指向最开始存的地址,也就是主函数中的下一条指令,程序由该点继续运行。
堆:一般是在堆的头部用一个字节存放堆的大小。堆中的具体内容有程序员安排。

Coverity Info:

Severity: High
Technical Impact: Denial of service, unreliable execution
CWE 400: Uncontrolled Resource Consumption ('Resource Exhaustion')
Summary: The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.
Details: Limited resources include memory, file system storage, database connection pool entries, or CPU. If an attacker can trigger the allocation of these limited resources, but the number or size of the resources is not controlled, then the attacker could cause a denial of service that consumes all available resources. This would prevent valid users from accessing the software, and it could potentially have an impact on the surrounding environment. For example, a memory exhaustion attack against an application could slow down the application as well as its host operating system.
Remediation: Design throttling mechanisms into the system architecture. (节流机制)The best protection is to limit the amount of resources that an unauthorized user can cause to be expended.(限制未授权用户申请资源数) A strong authentication and access control model will help prevent such attacks from occurring in the first place.(加强认证) The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended.(限制数据库访问) To further limit the potential for a DoS(Denial of Service ) attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Solution:
避免申请超大数组:char a[large number]
改用while循环内多次写一个write_len=(total_len > MAX_PAGE_SIZE)?MAX_PAGE_SIZE:total_len,写完一次offset+=write_len,total_len-=write_len.
  相关解决方案