Integer Overflow

From Guidance Share

Jump to: navigation, search

Contents

Description

An integer overflow condition exists when an integer, which has not been properly checked is used in the determination of an offset or size for memory allocation, copy or concatenation. If the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing an unexpectedly incorrect value.

Applies To

  • Languages: C, C++, Fortran, Assembly
  • Operating platforms: All

Example

Integer overflows can be complicated and difficult to detect. The following example is an attempt to show how an integer overflow may lead to undefined looping behavior:

short int bytesRec = 0;
char buf[SOMEBIGNUM];
while(bytesRec < MAXGET) {
bytesRec += getFromInput(buf+bytesRec);
}

In the above case, it is possible that bytesRec may overflow, continuously creating a lower number than MAXGET and also overwriting the first MAXGET-1 bytes of buf.

Impact

  • Availability: Integer overflows generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
  • Integrity: If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the integer overflow has resulted in a buffer overflow condition, data corruption will most likely take place.
  • Access control (instruction processing): Integer overflows can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program’s implicit security policy.

Vulnerabilities

  • Failure to check calculated values before accessing, modifying, or allocating memory

Countermeasures

  • Pre-design : Use a language or compiler that performs automatic bounds checking.
  • Design : Use of sanity checks and assertions at the object level. Ensure that all protocols are strictly defined, such that all out of bounds behavior can be identified simply.
  • Pre-design through Build: Canary style bounds checking, library changes which ensure the validity of chunk data, and other such fixes are possible but should not be relied upon.
  • Implementation: Sanity checks should be performed on all calculated values used for memory allocation, as an index, or for pointer arithmetic.

Vulnerability Patterns

How Tos

Personal tools