
CS 241 Data Organization: Buffer Overflows, December 4, 2018 (PowerPoint presentation)



  1. CS 241 Data Organization Buffer Overflows December 4, 2018

  2. The Problem

  3. Exploitation • Use large strings (or other datatypes) to overflow a buffer • Craft input to make the server do whatever you want • Easy to crash a program • Harder to “program the program”!

  4. C call stack (diagram of the call stack)

  5. Stack Frame (diagram of a stack frame)

  6. Smashing the Stack for Fun and Profit • Idea: Overflow a buffer to overwrite the saved return address • When the function returns, it jumps to that address. • Put some code in the buffer and set the return address to point to it.

  7. Issues • How do we know what value the pointer should have? • How do we build a “small program” and stuff it into a buffer?

  8. Demo

  9. NOP slide • Most CPUs have a No-Operation instruction; it does nothing but advance the instruction pointer. • Usually we can put a run of these ahead of our code (in the string). • As long as the new return address points anywhere in the run of NOPs, execution slides down into our code, so the address does not have to be guessed exactly.
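The layout from slides 6, 7 and 9, as an added example that is not part of the original deck: the vulnerable strcpy() pattern next to a bounded copy, a builder that lays out [NOP sled][code][return address repeated], and a check of how much slack the sled gives a guessed address. The 32-bit x86 target, the buffer address 0xbffff710, the 64-byte buffer and the int3 bytes standing in for shellcode are all constructed assumptions for illustration; the code builds the payload but never executes it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64

/* Vulnerable: strcpy() copies until the NUL, so any input longer than
   BUF_SIZE - 1 bytes runs past buf into the saved frame pointer and the
   saved return address above it. Never call this with untrusted input. */
void vulnerable_copy(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);            /* no bounds check */
    printf("%s\n", buf);
}

/* Hardened: bounded copy, always NUL-terminated, truncation reported.
   Returns 1 if the whole input fit, 0 if it was truncated. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (n >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, n + 1);
    return 1;
}

/* Lay out the classic payload: [NOP sled][code][return address * k].
   The address is written little-endian as a 32-bit x86 word (assumption);
   it must contain no 0x00 byte or strcpy() would stop copying early.
   Returns the number of bytes written, 0 if out is too small. */
size_t build_payload(uint8_t *out, size_t out_len, size_t sled_len,
                     const uint8_t *code, size_t code_len,
                     uint32_t ret_addr, size_t ret_copies)
{
    size_t total = sled_len + code_len + 4 * ret_copies;
    if (total > out_len)
        return 0;
    memset(out, 0x90, sled_len);             /* 0x90 = NOP on x86 */
    memcpy(out + sled_len, code, code_len);
    for (size_t i = 0; i < ret_copies; i++) {
        uint8_t *p = out + sled_len + code_len + 4 * i;
        p[0] = (uint8_t)(ret_addr & 0xff);
        p[1] = (uint8_t)((ret_addr >> 8) & 0xff);
        p[2] = (uint8_t)((ret_addr >> 16) & 0xff);
        p[3] = (uint8_t)((ret_addr >> 24) & 0xff);
    }
    return total;
}

/* Does a guessed return address land inside the sled? Any hit in
   [buf_addr, buf_addr + sled_len) slides into the code; a miss crashes.
   A longer sled widens the window the guess may fall in. */
int lands_in_sled(uint32_t ret_addr, uint32_t buf_addr, size_t sled_len)
{
    return ret_addr >= buf_addr && ret_addr < buf_addr + sled_len;
}

int main(void)
{
    uint8_t payload[128];
    /* Constructed stand-in for real shellcode: four int3 instructions. */
    const uint8_t code[] = { 0xCC, 0xCC, 0xCC, 0xCC };
    const uint32_t buf_addr = 0xbffff710u;   /* assumed address of buf */

    size_t n = build_payload(payload, sizeof payload, 32, code, sizeof code,
                             buf_addr, 8);
    printf("payload length: %zu bytes (buffer is %d)\n", n, BUF_SIZE);
    printf("guess 0xbffff720 lands in sled: %d\n",
           lands_in_sled(0xbffff720u, buf_addr, 32));
    printf("guess 0xbffff740 lands in sled: %d\n",
           lands_in_sled(0xbffff740u, buf_addr, 32));

    char dst[BUF_SIZE];
    printf("short input fit: %d\n", bounded_copy(dst, sizeof dst, "hello"));
    return 0;
}
```

The 68-byte payload is longer than the 64-byte buffer by design: the copies of the return address past the end of buf are what overwrite the saved frame pointer and return address. Modern stack protectors, non-executable stacks and ASLR all break this exact layout, which is why the deck's demo works on a deliberately unprotected build.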

  10. Other C security issues • Buffer overflow is just the most common programming problem exploited. • Integer arithmetic can also be a problem! • foo = malloc(num * sizeof(struct blah)); • What if num is 2^32 − 1? What if num is −1? • The product wraps around, malloc returns a block far smaller than the caller expects, and the first loop over num elements overflows it.
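The malloc(num * sizeof(struct blah)) case from slide 10, as an added example that is not part of the original deck. The 16-byte struct blah is an assumption. A 64-bit size_t will not wrap for a 32-bit num, so the naive computation is shown in 32-bit arithmetic to reproduce what the slide describes, next to a checked multiply and an allocator wrapper that rejects a negative count instead of letting it convert to SIZE_MAX.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

struct blah { char data[16]; };   /* assumed 16-byte element */

/* The slide's expression, evaluated as a 32-bit size_t would do it.
   num = 0x40000001 times 16 is 0x4_0000_0010; the top bits fall off and
   malloc() is asked for 16 bytes while the caller believes it owns
   0x40000001 elements. */
uint32_t naive_bytes32(uint32_t num, uint32_t elem_size)
{
    return (uint32_t)(num * elem_size);
}

/* Checked multiply: 1 and *out set on success, 0 if num * elem_size
   would not fit in size_t. */
int checked_mul_size(size_t num, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && num > SIZE_MAX / elem_size)
        return 0;
    *out = num * elem_size;
    return 1;
}

/* What a signed -1 becomes when it meets size_t: every bit set. */
size_t count_as_size(int num)
{
    return (size_t)num;
}

/* Allocator wrapper for the slide's pattern: rejects negative counts
   before the implicit conversion and refuses any product that wraps.
   Returns NULL instead of a too-small block. */
void *alloc_blah_array(int num)
{
    size_t bytes;
    if (num < 0)
        return NULL;
    if (!checked_mul_size((size_t)num, sizeof(struct blah), &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    printf("naive 32-bit bytes for num=0x40000001: %u\n",
           naive_bytes32(0x40000001u, sizeof(struct blah)));
    printf("num=-1 as size_t: %zu\n", count_as_size(-1));

    void *p = alloc_blah_array(-1);
    printf("alloc_blah_array(-1) -> %s\n", p ? "block" : "NULL");
    free(p);

    p = alloc_blah_array(4);
    printf("alloc_blah_array(4) -> %s\n", p ? "block" : "NULL");
    free(p);
    return 0;
}
```

calloc(num, sizeof(struct blah)) performs the same overflow check inside the C library, which is the simplest fix when zero-filled memory is acceptable.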

  11. Summary • C is hard. • Don’t use strcpy on user input. • Check return value on library calls.
