hacktricks/pentesting-web/integer-overflow.md

3.8 KiB

Estouro de Inteiro

Aprenda hacking AWS do zero ao herói com htARTE (HackTricks AWS Red Team Expert)!

{% tabs %} {% tab title="Rust" %}

fn main() {

let mut quantity = 2147483647;

let (mul_result, _) = i32::overflowing_mul(32767, quantity);
let (add_result, _) = i32::overflowing_add(1, quantity);

println!("{}", mul_result);
println!("{}", add_result);
}

{% endtab %}

{% tab title="C" %}

Integer Overflow

Integer overflow occurs when an arithmetic operation results in a value that exceeds the maximum size that the data type can hold. This can lead to unexpected behavior in the application, such as crashes, memory corruption, or even security vulnerabilities.

Example

#include <stdio.h>

int main() {
    unsigned int x = 4294967295; // Maximum value for a 32-bit unsigned integer
    x = x + 1;
    
    printf("Value of x: %u\n", x);

    return 0;
}

In this example, adding 1 to the maximum value of an unsigned 32-bit integer will result in an integer overflow, causing x to wrap around to 0.

To prevent integer overflow, developers should always validate input data, use data types that can accommodate the expected range of values, and implement checks to detect and handle potential overflows. {% endtab %}

#include <stdio.h>
#include <limits.h>

int main() {
int a = INT_MAX;
int b = 0;
int c = 0;

b = a * 100;
c = a + 1;

printf("%d\n", INT_MAX);
printf("%d\n", b);
printf("%d\n", c);
return 0;
}
Aprenda hacking na AWS do zero ao herói com htARTE (HackTricks AWS Red Team Expert)!