The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
Certain functions can be dangerous if used incorrectly. Thread.stop() is such a function: it causes the thread to die immediately, which means it will not be able to maintain any invariants it was responsible for. For example, it immediately releases all locks it held, which may leave objects visible in an inconsistent state. This can cause unexpected behavior.
– Uses of dangerous functions, with the safer replacement for each:
gets() -> fgets()
strcpy() -> strncpy()
strcat() -> strncat()
sprintf() -> snprintf()
– Certain standard library functions are dangerous to call.
– The program uses a local buffer and blindly copies the data into it with the potentially dangerous strcpy() function.
– Exploiting a buffer overflow to inject malicious code into the stack of a software system, or even the heap, can require a higher skill level.
– A buffer overflow condition arises if an attacker can influence the contents of the string parameter.
Use a language or compiler that performs automatic bounds checking.
Use secure functions that are not vulnerable to buffer overflow.
If you have to use dangerous functions, make sure that you do boundary checking.
Implement compiler-based canary mechanisms such as StackGuard, ProPolice, and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.
Use OS-level preventative functionality. This is not a complete solution.
Do not unnecessarily expose services.
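The replacement list and the boundary-checking advice above, as an added example (not code from the original page): the dangerous strcpy() pattern beside checked copies built on memcpy(), strncpy() and snprintf(), each reporting to the caller when input does not fit. BUF_SIZE, the function names and the 20-byte input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* fixed-size local buffer, as in the vulnerable pattern */

/* Dangerous pattern: strcpy() copies up to the NUL byte with no regard for the
 * destination size. Kept for contrast; never called with oversized input here. */
static void copy_unsafe(char *dst, const char *src) {
    strcpy(dst, src);          /* overflows dst once strlen(src) >= BUF_SIZE */
}

/* Hardened form: explicit boundary check, then a length-bounded copy.
 * Returns 0 on success, -1 if src plus its NUL does not fit in dst. */
static int copy_checked(char *dst, size_t dst_size, const char *src) {
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size) {
        return -1;             /* reject over-long input instead of overflowing */
    }
    memcpy(dst, src, n + 1);   /* n + 1 copies the terminating NUL as well */
    return 0;
}

/* The strncpy() replacement, with the caveat it needs: strncpy() leaves dst
 * unterminated when src fills it, so the NUL is written explicitly.
 * Returns 1 if the input was truncated, 0 if it fit, -1 if dst is unusable. */
static int copy_truncating(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0) return -1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) >= dst_size ? 1 : 0;
}

/* The sprintf() replacement: snprintf() returns the length that *would* have
 * been written, so r >= dst_size means the output was cut short.
 * Returns 0 on success, -1 on truncation or encoding error. */
static int format_checked(char *dst, size_t dst_size, const char *user) {
    int r = snprintf(dst, dst_size, "user=%s", user);
    return (r < 0 || (size_t)r >= dst_size) ? -1 : 0;
}

int main(void) {
    char buf[BUF_SIZE];
    const char *input = "0123456789ABCDEFGHIJ";   /* constructed 20-byte input */
    (void)copy_unsafe;   /* referenced only; calling it with input would overflow buf */
    printf("copy_checked: %d\n", copy_checked(buf, sizeof buf, input));
    printf("copy_truncating: %d -> \"%s\"\n", copy_truncating(buf, sizeof buf, input), buf);
    printf("format_checked: %d\n", format_checked(buf, sizeof buf, "root"));
    return 0;
}
```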