任何允许外部实体来输入数据的程序都容易受到恶意的攻击,例如缓冲区溢出和嵌入式控制字符。
Any program that allows an external entity to input data is vulnerable to malicious activity, such as buffer overflows and embedded control characters.
在发生了溢出(和数据丢失)时,两个函数都不会给出简单的报告,因此如果要检测缓冲区溢出,程序员就必须做更多的工作。
Neither function gives a simple report if an overflow (and data loss) has occurred, so programmers have to do even more work if they want to detect that.
攻击者也许能够通过改变函数中其他数据的值来利用缓冲区溢出;没有哪种方法能够防止这点。
An attacker may be able to exploit a buffer overflow by changing the value of other data in the function; none of these approaches counter that.
应用推荐