METHOD AND APPARATUS FOR PATCHING BINARY HAVING VULNERABILITY

US 20200134172A1
Filed: 11/13/2018
Published: 04/30/2020
Est. Priority Date: 10/31/2018
Status: Active Grant

First Claim

Patent Images

1. A method of patching a binary having vulnerability, the method comprising:

loading a first binary to be patched, into a memory;

generating a second binary by patching to call a stack frame initialization function from a vulnerable function of the first binary; and

executing the stack frame initialization function by calling the vulnerable function when the second binary is executed and initializing a stack frame area of the vulnerable function so as to automatically initialize a variable declared in the vulnerable function.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is provided a method of patching a binary having vulnerability which is performed by a computing device. The method comprises loading a first binary to be patched, into a memory, generating a second binary by patching to call a stack frame initialization function from a vulnerable function of the first binary, executing the stack frame initialization function by calling the vulnerable function when the second binary is executed and initializing a stack frame area of the vulnerable function so as to automatically initialize a variable declared in the vulnerable function.

1 Citation

14 Claims

1. A method of patching a binary having vulnerability, the method comprising:
- loading a first binary to be patched, into a memory;
  
  generating a second binary by patching to call a stack frame initialization function from a vulnerable function of the first binary; and
  
  executing the stack frame initialization function by calling the vulnerable function when the second binary is executed and initializing a stack frame area of the vulnerable function so as to automatically initialize a variable declared in the vulnerable function.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the generating of the second binary comprises storing a plurality of pieces of data, generated while the patch is executed, in a database,wherein a key of the database is a serial number of a stack frame initialization patcher, and a value of the database comprises a hash value of the first binary, a path of the first binary, a hash value of the second binary, a path of the second binary, a serial number of a type of the patch applied by the stack frame initialization patcher, an input value used while the patch is executed, and information on whether the patch succeeds.
  - 3. The method of claim 1, wherein the generating of the second binary comprises:
    - obtaining a stack frame size of the vulnerable function by analyzing a first analysis-target block included in a basic block of the vulnerable function in the first binary for each instruction;
      
      storing the stack frame size in an execution setting file; and
      
      generating a patch point at a part immediately behind the first analysis-target block and inserting a caller block of the stack frame initialization function into the patch point.
  - 4. The method of claim 3, wherein the obtaining of the stack frame size of the vulnerable function by analyzing the first analysis-target block for each instruction comprises:
    - obtaining the stack frame size by using a stack pointer register value of the first analysis-target block.
  - 5. The method of claim 3, wherein the obtaining of the stack frame size of the vulnerable function by analyzing the first analysis-target block for each instruction comprises:
    - checking whether a stack smashing protector (SSP) which generates a canary area is applied to the first binary to prevent a buffer overflow; and
      
      excluding a size of the canary area from the stack frame size not to initialize the canary area.
  - 6. The method of claim 5, wherein the checking of whether the SSP is applied to the first binary comprises:
    - a primary verification operation of checking whether the SSP is applied to the binary by using a script which verifies whether the SSP is applied to the first binary; and
      
      a secondary verification operation of checking whether the canary area is present in the vulnerable function by analyzing a second analysis-target block of the vulnerable function.
  - 7. The method of claim 3, wherein the initializing of the stack frame area of the vulnerable function so as to automatically initialize the variable declared in the vulnerable function comprises:
    - initializing the stack frame of the vulnerable function by using a value obtained by calculating, by the stack frame initialization function, a distance from a point where a local variable of the stack frame initialization function is stored to a start point of the stack frame of the vulnerable function and the stack frame size.

8. A method of patching a binary having vulnerability, the method comprising:
- loading a first binary to be patched, into a memory;
  
  generating a second binary by patching so as to call a buffer size verification function instead of calling a vulnerable function of the first binary; and
  
  executing the buffer size verification function in advance of executing the vulnerable function when the second binary is executed and executing the vulnerable function after a buffer size of the vulnerable function is verified so as to automatically prevent a buffer overflow from occurring in the vulnerable function.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the generating of the second binary comprises:
    - obtaining a maximum stack availability value of the vulnerable function by analyzing a caller block of the vulnerable function in the first binary;
      
      storing the maximum stack availability value in an execution setting file; and
      
      substituting a caller block of the buffer size verification function for the caller block of the vulnerable function.
  - 10. The method of claim 9, wherein the obtaining of the maximum stack availability value of the vulnerable function by analyzing the caller block of the vulnerable function comprises:
    - obtaining a turn of a destination parameter among parameters of the vulnerable function by analyzing a parameter structure of the vulnerable function; and
      
      obtaining the maximum stack availability value by using a value of a register in which the destination parameter is stored.
  - 11. The method of claim 9, wherein the obtaining of the maximum stack availability value of the vulnerable function by analyzing the caller block of the vulnerable function comprises:
    - checking whether an SSP, which generates a canary area to prevent a buffer overflow, is applied to the first binary; and
      
      excluding a size of the canary area from the maximum stack availability value in order for a buffer writing operation not to be allowed for the canary area.
  - 12. The method of claim 11, wherein the checking of whether the SSP is applied to the binary comprises:
    - a primary verification operation of checking whether the SSP is applied to the binary by using a script which verifies whether the SSP is applied to the first binary; and
      
      a secondary verification operation of checking whether the canary area is present in the vulnerable function by analyzing a second analysis-target block of the vulnerable function.
  - 13. The method of claim 8, wherein the executing of the vulnerable function after the buffer size of the vulnerable function is verified so as to automatically prevent the buffer overflow from occurring in the vulnerable function comprises:
    - calling the buffer size verification function so as to verify whether the buffer size of the vulnerable function exceeds the maximum stack availability value; and
      
      changing the buffer size of the vulnerable function by using the maximum stack availability value and then calling the vulnerable function when the buffer size of the vulnerable function exceeds the maximum stack availability value.
  - 14. The method of claim 8, wherein the generating of the second binary comprises storing a plurality of pieces of data, generated while the patch is executed, in a database, and wherein a key of the database is a serial number of a buffer size verification patcher, and a value of the database comprises a hash value of the first binary, a path of the first binary, a hash value of the second binary, a path of the second binary, a serial number of a type of the patch applied by the buffer size verification patcher, an input value used while the patch is executed, and information on whether the patch succeeds.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Korea Internet & Security Agency
Original Assignee
Korea Internet & Security Agency
Inventors
KIM, Hwan Kuk, KIM, Tae Eun, JANG, Dae Il, BAE, Han Chul, KIM, Jong Ki, YOON, Soo Jin, JURN, Jee Soo, NA, Geon Bae

Granted Patent

US 11,238,151 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

G06F 8/65   Updates security arrangemen...

G06F 9/445   Program loading or initiati...

H04L 67/34   involving the movement of s...

METHOD AND APPARATUS FOR PATCHING BINARY HAVING VULNERABILITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

1 Citation

14 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR PATCHING BINARY HAVING VULNERABILITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1 Citation

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links