
Research on an Automatic Verification Method for Format String Vulnerabilities Based on Symbolic Execution
Cite this article: WANG Ruipeng, ZHANG Min, HUANG Hui, SHEN Yi. Research on an Automatic Verification Method for Format String Vulnerabilities Based on Symbolic Execution [J]. Journal of Air Force Engineering University, 2021, 22(3): 82-88.
Authors: WANG Ruipeng  ZHANG Min  HUANG Hui  SHEN Yi
Affiliation: College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China
Funding: National Key R&D Program of China, key special project (2017YFB0802905)
Abstract: Format string vulnerabilities are a common and highly damaging class of software vulnerability. Existing systems for automatically verifying format string vulnerabilities do not adequately consider the case in which the format function's parameter is stored outside the stack, which leads to misjudging the exploitability of that class of vulnerabilities. To address this problem, this paper designs and implements a symbolic-execution-based method for automatically verifying format string vulnerabilities. First, the method detects a vulnerability in the current format string function from the symbolic information of its parameters; then it builds separate verification constraints for the cases in which the parameter resides in different memory regions; finally, it uses constraint solving to obtain the verification code automatically, achieving automatic verification of format string vulnerabilities. Experiments on test programs of different types under Linux verify the effectiveness of the method.

Keywords: format string vulnerability  vulnerability verification  symbolic execution  automatic vulnerability verification

Research on Automatic Exploit Generation Method of Format String Vulnerability Based on Symbolic Execution
WANG Ruipeng,ZHANG Min,HUANG Hui,SHEN Yi.Research on Automatic Exploit Generation Method of Format String Vulnerability Based on Symbolic Execution[J].Journal of Air Force Engineering University(Natural Science Edition),2021,22(3):82-88.
Authors:WANG Ruipeng  ZHANG Min  HUANG Hui  SHEN Yi
Institution:College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China
Abstract: Format string vulnerabilities are a common and harmful class of software vulnerability. Some existing automatic exploit generation systems for format string vulnerabilities do not account for the case in which the parameter is stored outside the stack, and so misjudge the exploitability of such vulnerabilities. In view of this problem, an automatic exploit generation method for format string vulnerabilities is designed based on symbolic execution. First, vulnerabilities in the current format string function are detected from the symbolic information of its parameters; then the exploit constraints for parameters stored in different memory spaces are constructed separately; finally, the exploit code is obtained by constraint solving. Automatic verification of format string vulnerabilities is thereby realized. Experiments with different test programs under Linux verify the effectiveness of the method.
Keywords:format string vulnerability  exploit  symbolic execution  automatic exploit generation
This article is indexed in CNKI, Wanfang Data and other databases.