97, 1/4 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   ¸Û¸Û
   http://www.hackerschool.org
   WIKI ¶Ç ´Ù¿îµÅ¼­ ÆÄÆ® 7 ¿©±â¿¡ ¿Ã¸³´Ï´Ù

http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Translate&no=57 [º¹»ç]


Does that help?
´äº¯ÀÌ µÆ³ª¿ä?

Any other questions before we get move forward?
°è¼Ó ÁøÇàÇϱ⿡ ¾Õ¼­ ¶Ç ´Ù¸¥ Áú¹® ÀÖ³ª¿ä?

ok, cool.
ÁÁ¾Æ¿ä

So, how do you review code?
±×·¡¼­ ¾î¶»°Ô Äڵ带 ¸®ºäÇÒ±î¿ä?

Ah.. the next part I'll talk will be very interactive
´ÙÀ½ ÆÄÆ®´Â ´ëÈ­ÇüÀÌ µÉ °ÍÀÔ´Ï´Ù.

I would like as much info from you guys as possible
¿©·¯ºÐµé¿¡°Ô¼­ ¸¹Àº Á¤º¸µéÀ» ±â´ëÇÏ°Ú½À´Ï´Ù.

We have already talked about the major portions.
ÀÌ¹Ì Áß¿äÇÑ ºÎºÐµé¿¡ ´ëÇؼ­´Â À̾߱⸦ ÇßÁö¿ä

And talked about threat analysis
±×¸®°í À§Çù ºÐ¼®¿¡ ´ëÇؼ­µµ À̾߱⸦ Çß°í¿ä

ok, the second step everyone should read code.
ÁÁ¾Æ¿ä, ´ÙÀ½ ´Ü°è·Î ¸ðµÎ°¡ ÄÚµå ¸®ºä¸¦ ÇØ¾ß ÇÕ´Ï´Ù

everyone should read code since they need to understand all the global variables and local variables.
¸ðµÎ°¡ ÄÚµå ¸®ºä¸¦ ÅëÇØ Àü¿ªº¯¼ö¿Í Áö¿ªº¯¼ö¸¦ ÀÌÇØÇϱâ À§Çؼ­ÀÔ´Ï´Ù.

It should be docummented and they should understand
ÀÌ°ÍÀº ¹®¼­È­µÅ¾ßÇÏ°í, ¸ðµÎ°¡ ÀÌÇØÇØ¾ß ÇÕ´Ï´Ù.

always always do 2 person reviews.
Ç×»ó 2¸íÀÌ ¸®ºä¸¦ ÇؾßÇÕ´Ï´Ù.

Not only the main person who is managing the code review project to lead it everyone should *** give a ** review of the code
ÄÚµå ¸®ºä ÇÁ·ÎÁ§Æ®¸¦ À̲ô´Â »ç¶÷»Ó¸¸ ¾Æ´Ï¶ó, ¸ðµÎ°¡ ÄÚµå ¸®ºä¸¦ ÇؾßÇÕ´Ï´Ù.

break the code into major chunks if you have done same thing with the DFD or broken the application into an application architecture or you own method
DFD¿Í °°Àº ¹æ½ÄÀ¸·Î Äڵ带 ³ª´©°Å³ª, ¾îÇø®ÄÉÀÌ¼Ç ¾ÆÅ°ÅØÃÄ ·¹º§·Î ³ª´©°Å³ª, ȤÀº ´ç½Å¸¸ÀÇ ¹æ¹ýÀ¸·Î ³ª´¯´Ï´Ù.

you want to break it down there because even indivisuals can't review major chunks of the code
°³°³ÀÎÀÌ ÄÚµåÀÇ ¸ÞÀÎ ¿µ¿ªÀ» ¸®ºäÇÒ ¼ö´Â ¾ø±â ¶§¹®¿¡ Äڵ带 ³ª´©¾î¾ß ÇÕ´Ï´Ù.

because you wont all the application code review by one person or one team ?***cal
¿Ö³Ä¸é ÇѸíÀÇ »ç¶÷¿¡ ÀÇÇØ ¸ðµç Äڵ尡 ¸®ºäµÇ±â¸¦ ¿øÇϱ⠶§¹®ÀÔ´Ï´Ù.

that communication constantly should not be at all
Áö¼ÓÀûÀ¸·Î Ä¿¹Â´ÏÄÉÀ̼ÇÇØ¾ß ÇÕ´Ï´Ù.

person access reviewing part of the documented code and person reviewing there's no real communication which happens all the time.
¹®¼­È­µÈ Äڵ忡 Á¢±ÙÇÏ´Â »ç¶÷°ú ½ÇÁ¦ ¸®ºäÇÏ°í ÀÖ´Â »ç¶÷ »çÀÌ¿¡ Ç×»ó Ä¿¹Â´ÏÄÉÀ̼ÇÀÌ ÀÌ·ç¾îÁöÁö´Â ¾Ê½À´Ï´Ù.

maintain code notes with the reviewer's name simply because of questions
¸®ºä¾îÀÇ À̸§À» ÀûÀ¸¸é¼­ Äڵ带 °ü¸®ÇØ¾ß ÇÏ´Â ÀÌÀ¯ÀÔ´Ï´Ù.

that happens so many times that uh.. somebody has gone through a function
ÀÌ·± ÀÏÀÌ Á¾Á¾ ¹ß»ýÇÕ´Ï´Ù. ´©±º°¡ ÇÔ¼ö Àüü¸¦ ¸®ºäÇß½À´Ï´Ù.

he's not written notes definetly his name when talk to him about it ** entire file  
±×·±µ¥ ±×¿¡ ´ëÇÑ À̸§¸¦ ³²±âÁö ¾Ê¾Ò½À´Ï´Ù.

why do ***** it helps reduce among the effort
±×°ÍÀÌ ³ë·ÂÀ» ÁÙ¿©Áֱ⠶§¹®ÀÔ´Ï´Ù.

detailed code analysis.
ÀÚ¼¼ÇÑ ÄÚµå ºÐ¼®

before we go into detailed code analysis,
Á»´õ ÀÚ¼¼ÇÑ ÄÚµå ºÐ¼®À¸·Î ³ª¾Æ°¡±â Àü¿¡

we will talk about one of the different techniques of doing a detailed code analysis.
ÀÚ¼¼ÇÑ ÄÚµå ºÐ¼®À» À§ÇÑ ¸î°¡Áö ´Ù¸¥ ¹æ¹ý¿¡ ´ëÇØ À̾߱âÇØ º¾½Ã´Ù

I recommend always always come up with a major lists of issues that you should review so that everyone game on the same page ok?
Àú´Â ¿©·¯ºÐÀÌ Ç×»ó Áß¿äÇÑ ÄÚµå ¸®ºä ¸®½ºÆ®¸¦ ¸¸µé°í, ¸ðµÎ°¡ ¶È°°Àº ÄÚµå ¸®ºä¸¦ ÇÒ¼ö ÀÖµµ·Ï Çϱ⸦ ±ÇÀåÇÕ´Ï´Ù.

So reviewing code I'm gonna talk about just three major issues, termination issues, validation issues, and calculation issues.
Àú´Â ¿©±â¼­ ¼¼ °¡Áö Áß¿äÇÑ ÁÖÁ¦¿¡ ´ëÇؼ­¸¸ À̾߱â ÇÏ°Ú½À´Ï´Ù. Á¾°á ¹®Á¦, À¯È¿¼º ¹®Á¦, ±×¸®°í °è»ê ¹®Á¦ÀÔ´Ï´Ù.

termination issues are again devided into major categories.
Á¾°á ¹®Á¦´Â ´Ù½Ã ¸î°¡Áö Áß¿äÇÑ ºÎºÐµé·Î ³ª´µ¾î Áý´Ï´Ù.

null termination and strlen, null termination and strncpy, condtional termination, and premature termination
NULL Á¾°á°ú strlen, NULL Á¾°á°ú strncpy, Á¶°ÇºÎ Á¾°á, ±×¸®°í ³Ê¹« À̸¥ Á¾°á

so, there's where I need your input.
ÀÚ, ¿©±âºÎÅÍ´Â ¿©·¯ºÐÀÇ Âü¿©°¡ ÇÊ¿äÇÕ´Ï´Ù.

I'm gonna put the point out there hopely you guys will be little more interactive
¿©·¯ºÐÀÌ Á»´õ Àû±ØÀûÀ¸·Î ÀÌ Äڵ忡¼­ ¾î¶² ¹®Á¦ÀÇ °¡´É¼ºÀÌ ÀÖ´ÂÁö ã¾Æ³» Áֽøé ÁÁ°Ú±º¿ä

and tell me what the possible problems will be in this piece of code.
±×¸®°í ÀÌ ÄÚµå ¾È¿¡ ¾î¶°ÇÑ ÀáÀçÀûÀÎ ¹®Á¦°¡ ÀÖ´ÂÁö Àú¿¡°Ô ¸»ÇØÁÖ¼¼¿ä.

Yes sir
¿¹ ±×ÂʺÐ

Integer overflow
Á¤¼ö ¿À¹öÇ÷οì ÀÔ´Ï´Ù.

Integer overflow? why?
Á¤¼ö ¿À¹öÇ÷οì¶ó°í¿ä? ¿ÖÁö¿ä?

*************************
´äº¯

perfect
¿Ïº®ÇÕ´Ï´Ù.

so, you said it's integer overflow and the reason is simply because strlen
ÀÚ, ÀúºÐ²²¼­ ´äÀÌ Á¤¼ö ¿À¹öÇ÷οì¶ó°í Çß°í, ±× ÀÌÀ¯´Â strlenÀ̱⠶§¹®À̶ó°í Çß½À´Ï´Ù.

what is strlen do?
strlenÀÌ ÇÏ´Â°Ô ¹¹Áö¿ä?

it does not count for the NULL
NULLÀ» ¼¼Áö ¾Ê½À´Ï´Ù.

and you need to ban and have one more place or there ****** integer overflow
ÇÑ ¹ÙÀÌÆ®ÀÇ °ø°£ÀÌ ´õ ÇÊ¿äÇÕ´Ï´Ù. ±×·¸Áö ¾ÊÀ¸¸é integer overflow°¡ ¹ß»ýÇÕ´Ï´Ù.

Any questions on that?
ÀÌ¿¡ ´ëÇØ Áú¹® ÀÖ³ª¿ä?

*************************
[Áú¹®]

right right. that would be. another technical
¸Â½À´Ï´Ù. ±×°Ç ´Ù¸¥ ±â¼úÀÔ´Ï´Ù.

ok uh.. the next one is null termination and strncpy.
ÁÁ¾Æ¿ä ´ÙÀ½Àº strncpy¿¡¼­ÀÇ NULL Á¾°á ¹®Á¦ÀÔ´Ï´Ù.

This should be pretty similar to what you just said
´ç½ÅÀÌ ¸»Çß´ø °Í°ú »ó´çÈ÷ ºñ½ÁÇÒ °ÍÀÔ´Ï´Ù.

Yes sir.
¿¹ ±×ÂʺÐ

*************************
[´äº¯]

absolutely correct
Á¤È®È÷ ¸Â½À´Ï´Ù.

So this is something slightly unique and lot of developments forget about this.
±×·¯´Ï±î ÀÌ°Ç ¾à°£ Ưº°ÇÏ°í ¸¹Àº °³¹ßÀÚµéÀÌ Àؾî¹ö¸®´Â °ÍÀÔ´Ï´Ù.

As MSDN actually exquisitely states this
MSDNÀº ½ÇÁ¦·Î ÀÌ°ÍÀ» ÀÚ¼¼È÷ ¾ð±ÞÇÏ°í ÀÖ½À´Ï´Ù.

that if this strncpy copy function copy that initial count by count that mean the size of what you putting over there.
strncpy´Â »ç¿ëÀÚ¿¡ ÀÇÇØ ÁöÁ¤µÈ count °ª¸¸Å­ º¹»ç¸¦ ÇÕ´Ï´Ù.

the characters of the string source to string dest
sourceÀÇ ¹®ÀÚ¿­µéÀ» dest·Î º¹»ç¸¦ ÇÕ´Ï´Ù.

right?
¸ÂÁö¿ä?

the count is if less then or equal to the length of the source an none character is not appended
Ä«¿îÆ® °ªÀÌ ¼Ò½ºÀÇ ±æÀ̺¸´Ù °ªÀÌ À۰ųª °°´Ù¸é, ¹®ÀÚ°¡ Ãß°¡µÇÁö ¾ÊÀ» °Ì´Ï´Ù.



  Hit : 1697     Date : 2011/06/02 05:57



    
97   7¹ø ÆÄÀÏ[4]     ¼­°æÀç
05/15 1485
96   °ÇÀÇ»çÇ×??[1]     ¼­°æÀç
05/10 1501
95   5¹ø ÆÄÀÏ[1]     ¼­°æÀç
05/10 1639
94   Áß±¹¾î ¹ø¿ªÀº ÇÊ¿ä ¾ø³ª¿ä?     ºÒ²É¿¬ÁÖ°¡
01/02 2350
93   ³²Àº 10¹ø, 11¹ø ÆÄÆ® ¸®½º´×&¹ø¿ª ÇØÁÖ½Ç ºÐ ã½À´Ï´Ù.[5]     ¸Û¸Û
11/17 2498
92   hackerwannabe´Ô, neb91´Ô, eplesky´Ô ÁøÇà»óȲ ¸»¾¸ÇØ Áֽñ⠹ٶø´Ï´Ù.[2]     ¸Û¸Û
08/23 2347
91   7¹ø, 9¹ø, 10¹ø, 11¹ø ÆÄÆ® ¸Ã¾ÆÁÖ½Ç ºÐ ¸ð½Ê´Ï´Ù~[9]     ¸Û¸Û
08/09 2399
90   l0phrack, heeya90, goodfacesong´ÔµéÀº ÁøÇà»óȲÀ» Àû¾îÁÖ¼¼¿ä[2]     ¸Û¸Û
08/08 2257
89   ÁøÇà»óȲ Á¤¸® (¸Þ¸ð¿ë)     ¸Û¸Û
08/05 2222
88   Á¦ 2ȸ ¹ø¿ª ÁøÇà»óȲ ´ñ±Û ¹Ù¶ø´Ï´Ù.[9]     ¸Û¸Û
08/02 1734
87   ÆÄÆ®1 ºÐ·®ÀÔ´Ï´Ù.     ¸Û¸Û
08/02 1891
86   [Á¦ 2ȸ] ¹ø¿ª ÆÄÆ®°¡ Á¤ÇØÁ³½À´Ï´Ù[12]     ¸Û¸Û
07/18 1887
85   ÀÚ¸· - ÃÖÁ¾ ¼öÁ¤º»ÀÔ´Ï´Ù~     ¸Û¸Û
06/30 1600
84   ÀÚ¸· - darkangel´Ô °Í°ú lycan´Ô °Í ÅëÇÕ     ¸Û¸Û
06/22 1820
83   µÎ ¹ø° ¹ø¿ª ´ë»ó °ü·Ã..[5]     ¸Û¸Û
06/16 1881
     RECON 2006 ±¦Âú¾Æº¸ÀÌ´Â ¹ßÇ¥ÁÖÁ¦µé ¸Þ¸ð ¸Û¸Û 06/14 2158
81   Á¦ 1ȸ ¹ø¿ª ÀÚ¸· °ü·ÃÀÔ´Ï´Ù.     ¸Û¸Û
06/02 1670
  WIKI ¶Ç ´Ù¿îµÅ¼­ ÆÄÆ® 7 ¿©±â¿¡ ¿Ã¸³´Ï´Ù     ¸Û¸Û
06/02 1696
79   ÆÄÆ® 7,8 ¸¶¹«¸® °ü·Ã..[1]     ¸Û¸Û
05/30 1468
78   [Á¦ 2ȸ] Á¦ 2ȸ ¸®½º´×&¹ø¿ª ÀÛ¾÷À» ½ÃÀÛÇÕ´Ï´Ù.[20]     ¸Û¸Û
07/14 2065
77   µÎ ¹ø° ¹ø¿ª ´ë»ó ¹Ì¸® Á¤ÇսôÙ~[8]     ¸Û¸Û
05/25 2034
76   Á¦ 1ȸ ¹ø¿ª ÀÚ¸· ´Þ¾ÆÁÖ½Ç ºÐ ã½À´Ï´Ù~[3]     ¸Û¸Û
05/25 1841
75   ÆÄÆ® 7, 8¸¸ Á¶±Ý ´õ º¸°­ÇÏ°í ¹ø¿ª Á¾·áÇÏ°Ú½À´Ï´Ù~!     ¸Û¸Û
05/25 1598
74   ¸®½º´× & ¹ø¿ª ½ÃÀÇ ±ÔÄ¢ÀÌ ¾÷µ¥ÀÌÆ® µÇ¾ú½À´Ï´Ù.     ¸Û¸Û
05/21 1664
73   5¿ù 20ÀÏ Á¤Æà ³»¿ë ¿ä¾àÀÔ´Ï´Ù.[4]     ¸Û¸Û
05/21 1597
1 [2][3][4]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org