
VOTD: Integer Overflow - Engineering Secure Software (PowerPoint PPT Presentation)



  1. VOTD: Integer Overflow
     Engineering Secure Software
     Last Revised: August 17, 2020
     SWEN-331: Engineering Secure Software
     Benjamin S Meyers

  2. What is Integer Overflow?
     - An operation that creates a numeric value outside of the range that can be represented by a data type
     - e.g. adding a really large number to another, so that the result wraps around
     - e.g. casting a larger data type to a smaller one (long to int), so that only the low-order bits survive

  3. How Do You Do It?
     - Java Integer.MAX_VALUE: 2147483647 (min: -2147483648)
         bank.balance = 0;
         bank.deposit(Integer.MAX_VALUE); // bank.balance is now 2147483647
         bank.deposit(1);                 // bank.balance is now -2147483648 (wrapped around)
     - Casting long (64-bit) to int (32-bit)
         patient.id = 4294967314L;        // 4294967314 = 2^32 + 18
         patient.id = (int) patient.id;   // patient.id is now 18: only the low 32 bits are kept

  4. Mitigations
     - Check the size of your integers, considering what would happen if a value wrapped around
     - Watch the casting: don't just ignore those compiler warnings about narrowing conversions!
     - Libraries such as SafeInt (C++) or BigInteger (Java) might be more suitable if the arithmetic is very complex
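The two failure modes on slide 3 (wraparound on addition, truncation on a narrowing cast) and the "check the size" mitigation on slide 4, written out as an added example in C rather than the slides' Java. This code is not from the deck; the function names (unchecked_deposit, checked_deposit, unchecked_narrow, checked_narrow) are assumptions for illustration. C is used because it also makes the semantics explicit: Java int arithmetic is defined to wrap, whereas signed overflow in C is undefined behaviour, so the "unchecked" paths below reproduce the wrap through unsigned arithmetic instead of relying on it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked 32-bit addition with Java-style wraparound (bank.deposit on
 * slide 3). Signed overflow is undefined in C, so the addition is done on
 * uint32_t, which wraps modulo 2^32 by definition, and converted back.
 * The final conversion of an out-of-range unsigned value is
 * implementation-defined but two's-complement on every mainstream compiler. */
int32_t unchecked_deposit(int32_t balance, int32_t amount) {
    return (int32_t)((uint32_t)balance + (uint32_t)amount);
}

/* Checked deposit: refuse the operation instead of wrapping. The
 * comparisons are arranged so that they themselves cannot overflow. */
bool checked_deposit(int32_t *balance, int32_t amount) {
    if (amount > 0 && *balance > INT32_MAX - amount) return false;
    if (amount < 0 && *balance < INT32_MIN - amount) return false;
    *balance += amount;
    return true;
}

/* Unchecked narrowing, the (int) cast on slide 3: a 64-bit value keeps
 * only its low 32 bits. Conversion to uint32_t is well-defined modulo 2^32. */
int32_t unchecked_narrow(int64_t wide) {
    return (int32_t)(uint32_t)wide;
}

/* Checked narrowing: succeed only if the value is representable as int32. */
bool checked_narrow(int64_t wide, int32_t *out) {
    if (wide < INT32_MIN || wide > INT32_MAX) return false;
    *out = (int32_t)wide;
    return true;
}

int main(void) {
    int32_t balance = 0;
    checked_deposit(&balance, INT32_MAX);
    printf("after depositing INT32_MAX: %d\n", balance);
    printf("unchecked +1 gives:          %d\n", unchecked_deposit(balance, 1));
    printf("checked +1 accepted?         %d\n", checked_deposit(&balance, 1));

    int64_t wide = 4294967314LL;    /* 2^32 + 18, the patient.id from slide 3 */
    int32_t id;
    printf("unchecked narrow gives:      %d\n", unchecked_narrow(wide));
    printf("checked narrow accepted?     %d\n", checked_narrow(wide, &id));
    return 0;
}
```

The checked variants are the "consider what would happen if it wrapped" mitigation made concrete: the range test runs before the arithmetic, and the caller gets a failure it must handle rather than a silently wrong balance or id.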

  5. Notes
     - A wraparound in a size calculation that feeds malloc can produce a zero-sized (or far too small) allocation; any write into that buffer is then a heap overflow
     - In practice, most integer wraparounds come from improper casting, not so much from math operations
     - It's impractical to check every integer for wraparound after every operation, but keep it in mind in sensitive situations (sizes, lengths, counts, money)
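The first note above, worked through as an added example that is not part of the deck: an untrusted length plus a fixed header wraps to a tiny allocation size, and the checked version compares before it adds so the comparison itself cannot wrap. The helper names (unsafe_record_size, checked_record_size, checked_array_bytes, alloc_record), the header length and the 1 MiB cap are assumptions chosen for illustration; the hostile length is a constructed input. The multiplication form (count times element size) is included because it is the other common shape of the same bug.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HEADER_LEN 16u          /* assumed fixed header in front of the payload */
#define MAX_RECORD (1u << 20)   /* assumed policy cap on a whole record: 1 MiB */

/* Unsafe size computation: the untrusted 32-bit length plus the header wraps
 * to a small value when payload_len is close to UINT32_MAX. malloc() then
 * returns a buffer far smaller than the payload about to be copied into it. */
uint32_t unsafe_record_size(uint32_t payload_len) {
    return payload_len + HEADER_LEN;
}

/* Checked size: test before adding so the test cannot wrap, and enforce the
 * policy cap in the same comparison. */
bool checked_record_size(uint32_t payload_len, uint32_t *out) {
    if (payload_len > MAX_RECORD - HEADER_LEN) return false;
    *out = payload_len + HEADER_LEN;
    return true;
}

/* Multiplication variant (n elements of elem_size bytes): divide instead of
 * multiply to detect the wrap. */
bool checked_array_bytes(size_t n, size_t elem_size, size_t *out) {
    if (elem_size != 0 && n > SIZE_MAX / elem_size) return false;
    *out = n * elem_size;
    return true;
}

/* Allocate a record from an untrusted length. Returns NULL on rejection or
 * allocation failure; the caller never receives a buffer smaller than the
 * size it was told. */
uint8_t *alloc_record(uint32_t payload_len, uint32_t *size_out) {
    uint32_t size;
    if (!checked_record_size(payload_len, &size)) return NULL;
    uint8_t *buf = malloc(size);
    if (buf == NULL) return NULL;
    memset(buf, 0, size);
    *size_out = size;
    return buf;
}

int main(void) {
    uint32_t hostile = 0xFFFFFFF0u;   /* constructed attacker-controlled length */
    uint32_t size = 0;

    printf("unsafe size for 0x%08x: %u bytes\n", hostile, unsafe_record_size(hostile));
    printf("checked allocation for hostile length: %s\n",
           alloc_record(hostile, &size) ? "accepted" : "rejected");

    uint8_t *rec = alloc_record(100u, &size);
    printf("benign allocation: %u bytes\n", size);
    free(rec);
    return 0;
}
```

With the hostile length the unsafe path computes 0xFFFFFFF0 + 16 = 0x100000000, which is 0 in 32 bits; malloc(0) hands back either NULL or a minimal block, and the subsequent copy of a multi-gigabyte payload is the overflow the note describes. The checked path never reaches malloc for that input.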

  6. Source: https://xkcd.com/571/
