서경재
File 7

http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Translate&no=34


Sorry that there is so much I could not write down. The deadline has already passed, though, so I am posting just what I have managed to interpret so far.


Does that help?
Did that help?

Any other questions before we get more forward?
Any more questions?

ok, cool.
Good, that's great.

So, how do you review code?
So, how do we review code?

Ah the next part I taught(??) you very interactive
I will run/teach the next part interactively.

I would like as much ***** as possible
I will be expecting as many answers(??) as possible.

We already talked about the major portions.
We have already talked about the important parts.

And talked about threat analyses ****?
And we also talked about threat analysis.

ok, the second step everyone should read code.
OK, as the first step everyone has to read the code.

everyone read code since they need to understand all the global variables and local variables.
Everyone has to read the code in order to understand the global variables and local variables.

it should be documented on *********
This has to be documented in *****

They should understand always always do 2 possible reviews. ***********???
They have to understand to always do two kinds of review ?????

Not only the person who manage the code review read the code major chants???
The person who manages the code also has to read the important *******, and

*********** or DFD or broken application into architecture or your own method you want to break it down since you can review major chunks of the code
You have to break it down with ****** or a data flow diagram, or by dividing the fragmented application structurally(?), or by your own method, in order to review the important parts of the code.

because you want all the application review by one person
that communication constantly should not be at all person access review or one team of person that communicate constantly shouldro(??) be at all person access reviews communication code an there's no real communication which happens all the time.
(Sorry. I am on my sixth listen and still have no idea what he is saying; it only sounds like some kind of rhyme. Inferring the meaning from context, though:)
When several people do the review, in most cases they do not actually talk to each other, so you have to **************.

maintain code notes with your name simply because of the question
The reason for keeping code notes with your name on them is questions.

that happens so many times and someone has gone through a turdium(?) he's not ********* note and be has been **********go and talk to him about note and be has been ************go and talk to him about ok our entire file ***** why do *****reduce **********cone buck detailed code analysis.
(Another rap.... sorry.... I will go back and study English again)
Inference: it often happens that someone reading a code review that is not their own does not understand it and has to find the person who wrote it and talk to them about the review. *************** more detailed code analysis.

before we go into detailed code analysis, we will talk about one of the different techniques of doing a detailed code analysis.
Before moving on to more detailed code analysis, let's talk about a few different methods of code analysis.

I recommend always always come up with a major lists of review should review so that everyone game on the same beach ok?
I recommend that you always make an important code review list so that everyone can do the same code review. Understood?

So we've been taught ******* I'm going to talk about few major issues, termination issue, validation issue, and calculation issue.
Since we have studied ****, I will talk about a few important topics: termination, authentication and calculation.

termination issue are again divided into major categories.
Termination issues are in turn divided into a few important parts.

null termination and strlen, null termination and strncpy, conditional termination, premature termination
Null termination, strlen termination (C++ function), strncpy termination (C++ function), conditional termination, termination that is too early

so, there's where I need your input.
Now, from here on I need your participation.

I'm gonna put the point out there hopefully you guys will ******little bit more interactive and tell me what the possible problems will be in this piece of code.
I would like you to be a bit more interactive and find what possible problems there are in this code.

Yes sir
Yes, sir.

Integer overflow
It is an integer overflow.

Integer overflow? why?
An integer overflow? Why?

***************(unintelligible speech, microphone crackle)**********

perfect
Perfect.

so, you said integer overflow and the reason is simply because char ****
So, you said the answer is an integer overflow, and that the reason is simply that char is ****.

what is ***** do?
What does ***** do?

it does not count for the Null.
It does not count the null.(??)

and you need to ****and have one more place ******
?

Any questions on that?
Any questions about this?

*****************************************************more advice. right right. that would be. another technical *******************
More advice. Right, right. That would be it. Another technical *********** (sorry)

ok the next one is null termination and strncpy.
OK, next is null termination and strncpy.

This should be pretty similar to what you would say
It will be quite similar to what you said. (what someone was saying unintelligibly two lines above)

Yes sir.
Yes, sir.

*************************
(sorry)

absolutely correct
Of course.

So this is something slightly unique and lot of people forget about this.
So this is something a little special that many people forget.

As you **********actually it was the *************that if the ***********function.
(sorry)

You need show ******** but will go over there.
(sorry)

************8miscled(??)
(sorry)

right?
Right?

the count is less than or equal to the length of strSource.
The count should be less than or equal to strsource.

  Hit : 1484     Date : 2011/05/15 03:34
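
The two termination pitfalls named in the talk (strlen not counting the null, and strncpy leaving the destination unterminated when the count is less than or equal to the length of the source), shown beside hardened forms as an added C example. It is not code from the talk or from this post; the function names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* strlen() does not count the terminating NUL, so a copy needs
 * strlen(src) + 1 bytes: the "one more place" from the talk. */
char *dup_string(const char *src)
{
    size_t len = strlen(src);
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, src, len + 1);   /* len + 1 copies the NUL as well */
    return copy;
}

/* Returns 1 if strncpy() left a NUL inside dst, 0 if it did not.
 * dst is pre-filled with 'X' (constructed filler) so a missing
 * terminator cannot be hidden by leftover zero bytes. */
int strncpy_terminated(char *dst, size_t count, const char *src)
{
    memset(dst, 'X', count);
    strncpy(dst, src, count);     /* no NUL when count <= strlen(src) */
    return memchr(dst, '\0', count) != NULL;
}

/* Bounded copy that always terminates. Returns 0 on a full copy,
 * -1 if src was truncated or the arguments are unusable. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t len = strlen(src);
    size_t n = len < dst_size - 1 ? len : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len > n ? -1 : 0;
}

int main(void)
{
    char buf[8];
    printf("len 7, count 8: %d\n", strncpy_terminated(buf, sizeof buf, "1234567"));
    printf("len 8, count 8: %d\n", strncpy_terminated(buf, sizeof buf, "12345678"));
    printf("bounded: %d \"%s\"\n", copy_bounded(buf, sizeof buf, "12345678"), buf);
    return 0;
}
```

When reviewing, any strncpy call whose count can reach the source length needs an explicit terminator write or a wrapper like the bounded copy above.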



    
멍멍 Thank you for your hard work! I would appreciate it if you could update the wiki as well~ 2011/05/15
서경재 Um... which part of the wiki should I add the content to?
auditing_source_code_7 seems to have already been used as the last part..... Am I mistaken about something?

2011/05/15
서경재 I have revised the whole menu again. 2011/05/15
멍멍 Thank you!! 2011/05/15