Is buffer overflow/overrun possible in completely managed asp.net c# web application
Question
完全托管的asp.net Web门户网站中是否存在缓冲区溢出/溢出漏洞。如果可以,则可以对其进行测试。
3 answers
solution1
8 2008-10-01 07:01:31
In the general case, you don't need to worry about buffer overruns. This is one of the major advantages of managed code, garbage collection being perhaps the other major advantage.
There are a few edge cases that you should be aware of - any time your managed code interacts with unmanaged code (Win32 API calls, COM interop, P/Invoke, etc) there is a potential for buffer overruns in the unmanaged code, based on parameters passed in from managed code.
Also code marked as "unsafe" can directly manipulate memory addresses in such a way as to cause buffer overflow. Most C# code is written without using the "unsafe" keyword, though.
solution2
7 ACCPTED 2008-10-01 06:29:28
除非您利用Web服务器或.NET / ASP.NET堆栈本身。
solution3
0
我有一个工具(HP Dev Inspect)在我的ASP.NET应用程序中检测到可能的“可能的参数缓冲区溢出”,这是因为我们的一个TextBox中没有MaxLength =“20”...
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.