发表新帖
发表新帖

Is buffer overflow/overrun possible in completely managed asp.net c# web application

后端 未结
关注
3 1742
暗喜
暗喜 2021-02-19 20:13

Can there be buffer overflow/overrun vulnerabilities in completely managed asp.net web portal.If yes how can this be tested.

相关标签:
3条回答
  • 粉色の甜心
    2021-02-19 20:30

    In the general case, you don't need to worry about buffer overruns. This is one of the major advantages of managed code, garbage collection being perhaps the other major advantage.

    There are a few edge cases that you should be aware of - any time your managed code interacts with unmanaged code (Win32 API calls, COM interop, P/Invoke, etc) there is a potential for buffer overruns in the unmanaged code, based on parameters passed in from managed code.

    Also code marked as "unsafe" can directly manipulate memory addresses in such a way as to cause buffer overflow. Most C# code is written without using the "unsafe" keyword, though.

    0 讨论(0)
  • 盖世英雄少女心
    2021-02-19 20:30

    I had a tool (HP Dev Inspect) detect a possible "Possible Parameter Buffer Overflow" within my ASP.NET app and it was because we didn't have a MaxLength="20" in one of our TextBoxes...

    0 讨论(0)
  • 甜味超标
    2021-02-19 20:40

    Not unless you exploit the webserver or .NET/ASP.NET stack itself.

    0 讨论(0)
 看不清?
提交回复
热议问题