
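Automatic Detection and Test Case Generation for Format String Vulnerabilities*
Cite this article:Huang Zhao, Huang Shuguang, Deng Zhaokun, Huang Hui. Automatic Detection and Test Case Generation for Format String Vulnerabilities*[J]. Application Research of Computers, 2019, 36(8)
Authors:Huang Zhao  Huang Shuguang  Deng Zhaokun  Huang Hui
Affiliation:College of Electronic Countermeasure, National University of Defense Technology, Hefei 230037 (listed for each of the four authors)
Funding:National Key R&D Program of China, "Cyberspace Security" key special project (2017YFB0802905)
Abstract:Format string vulnerabilities are a class of software vulnerability with high severity and wide impact. Current detection approaches have several limitations: heavy reliance on manual effort, a high false positive rate, a single detection model, and insufficient consideration of the characteristics of format string vulnerabilities. To address these problems, this paper analyzes the characteristics of format string vulnerabilities, then designs and implements a system based on symbolic execution for automatic detection of format string vulnerabilities and test case generation. The method automatically detects whether a format string vulnerability exists in a binary program on Linux, determines whether it may lead to arbitrary memory read or write, and generates stable and effective test cases.

Keywords:format string vulnerability  symbolic execution  automatic detection  test case generation
Received:2018-01-23
Revised:2019-06-30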

Automatic Detection and Test Cases Generation of the Format String Vulnerability Based on Symbol Execution*
Huang Zhao,Huang Shuguang,Deng Zhaokun and Huang Hui. Automatic Detection and Test Cases Generation of the Format String Vulnerability Based on Symbol Execution*[J]. Application Research of Computers, 2019, 36(8)
Authors:Huang Zhao  Huang Shuguang  Deng Zhaokun  Huang Hui
Affiliation:College of Electronic Countermeasure, National University of Defense Technology
Abstract:The format string vulnerability is a kind of software vulnerability with high risk and wide impact. Current vulnerability detection methods have many limitations, such as a high degree of manual dependence, a high false positive rate, a single detection model, and failure to fully consider the characteristics of the format string vulnerability. To solve these problems, this paper analyzes the format string vulnerability and then, based on symbolic execution, designs and implements a way to detect format string vulnerabilities and generate test cases automatically. The method automatically detects the existence of a format string vulnerability in a Linux binary program and determines whether it could lead to harm by allowing attackers to read or write arbitrary memory. It also generates stable and effective test cases.
Keywords:format string vulnerability   symbolic execution   automatic detection   test cases generation
This article is indexed in Wanfang Data and other databases.