C语言漏洞 on 办公AI智能小助手 https://blog.qife122.com/tags/c%E8%AF%AD%E8%A8%80%E6%BC%8F%E6%B4%9E/ Recent content in C语言漏洞 on 办公AI智能小助手 Hugo zh-cn qife Fri, 31 Oct 2025 22:34:42 +0800 cURL中废弃strcpy()函数在进度格式化中的安全风险分析 https://blog.qife122.com/p/curl%E4%B8%AD%E5%BA%9F%E5%BC%83strcpy%E5%87%BD%E6%95%B0%E5%9C%A8%E8%BF%9B%E5%BA%A6%E6%A0%BC%E5%BC%8F%E5%8C%96%E4%B8%AD%E7%9A%84%E5%AE%89%E5%85%A8%E9%A3%8E%E9%99%A9%E5%88%86%E6%9E%90/ Fri, 31 Oct 2025 22:34:42 +0800 https://blog.qife122.com/p/curl%E4%B8%AD%E5%BA%9F%E5%BC%83strcpy%E5%87%BD%E6%95%B0%E5%9C%A8%E8%BF%9B%E5%BA%A6%E6%A0%BC%E5%BC%8F%E5%8C%96%E4%B8%AD%E7%9A%84%E5%AE%89%E5%85%A8%E9%A3%8E%E9%99%A9%E5%88%86%E6%9E%90/ <h1 id="curl中废弃strcpy函数在进度格式化中的安全风险分析">cURL中废弃strcpy()函数在进度格式化中的安全风险分析</h1> <h2 id="漏洞发现过程">漏洞发现过程</h2> <h3 id="步骤2定位tool_progressc中的漏洞代码">步骤2:定位tool_progress.c中的漏洞代码</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 在tool_progress.c中查找确切的strcpy使用</span> </span></span><span class="line"><span class="cl">grep -n <span class="s2">&#34;strcpy&#34;</span> ./src/tool_progress.c </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 输出:</span> </span></span><span class="line"><span class="cl"><span class="c1"># 94: strcpy(r, &#34;--:--:--&#34;);</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="步骤3分析漏洞函数">步骤3:分析漏洞函数</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 查看完整的time2str函数</span> </span></span><span class="line"><span class="cl">sed -n <span class="s1">&#39;/^static void time2str/,/^}/p&#39;</span> ./src/tool_progress.c </span></span></code></pre></td></tr></table> </div> </div><p><strong>发现的漏洞函数:</strong></p> cURL连接缓存中的堆缓冲区溢出漏洞分析 https://blog.qife122.com/p/curl%E8%BF%9E%E6%8E%A5%E7%BC%93%E5%AD%98%E4%B8%AD%E7%9A%84%E5%A0%86%E7%BC%93%E5%86%B2%E5%8C%BA%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ Wed, 10 Sep 2025 14:28:21 +0800 https://blog.qife122.com/p/curl%E8%BF%9E%E6%8E%A5%E7%BC%93%E5%AD%98%E4%B8%AD%E7%9A%84%E5%A0%86%E7%BC%93%E5%86%B2%E5%8C%BA%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ <h1 id="报告-3156384---conncachec中的堆缓冲区溢出漏洞指针数组错误使用导致内存越界写入">报告 #3156384 - conncache.c中的堆缓冲区溢出漏洞:指针数组错误使用导致内存越界写入</h1> <h2 id="漏洞描述">漏洞描述</h2> <p>在conncache.c文件中,cpool_bundle结构体错误地使用了指针数组(<code>char *dest[1]</code>)而非柔性数组(<code>char dest[]</code>)来存储字符串数据,导致在cpool_bundle_create函数中调用memcpy时发生堆缓冲区溢出。</p>