VOTD: Buffer Overflow
Engineering Secure Software
Last Revised: August 17, 2020
SWEN-331: Engineering Secure Software
Benjamin S Meyers
What is Buffer Overflow?
● Writing data outside of the intended buffer (memory space)
How Do You Do It?
● String buffers in C

    #include <stdio.h>

    int main(void)
    {
        char secret[15] = "sesquipedalian";
        printf("\nSecret is: %s", secret);      /* "sesquipedalian" */
        char str[4];                            /* room for 3 characters plus the NUL */
        printf("\nPlease enter up to 3 characters: ");
        scanf("%s", str);                       /* no width limit: user enters "12XGotcha!" and
                                                   the excess bytes run past str into secret */
        printf("\nSecret is now: %s", secret);  /* "otcha!" (when str sits directly below secret
                                                   on the stack; the exact result depends on layout) */
        return 0;
    }
Mitigations
● Keep track of your array sizes
● Check the length of the input against the size of your buffer as it is read in
● In the case of C, use bounded functions like strncpy() instead of strcpy()
● Avoid functions like gets() that don't check the input size
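The slide's scenario with the mitigations applied, as an added example that is not part of the original deck: the bare scanf("%s") becomes a width-limited "%3s" (fed through sscanf on a constructed input string so it runs without stdin), and copy_bounded() is an assumed helper that does what the slide asks of strncpy() while also guaranteeing NUL termination and reporting truncation.

```c
#include <stdio.h>
#include <string.h>

#define STR_LEN 4          /* the slide's char str[4] */
#define STR_FMT "%3s"      /* width = STR_LEN - 1, leaving room for the NUL */

/* Bounded replacement for strcpy(): copies at most dst_size-1 bytes and
 * always NUL-terminates. Returns 1 if src was truncated, 0 otherwise.
 * Plain strncpy() does not give this guarantee: when src is dst_size
 * bytes or longer it leaves dst with no terminator at all. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    if (dst_size == 0)
        return 1;
    len = strlen(src);
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, len + 1);       /* len + 1 includes the NUL */
    return 0;
}

/* The slide's layout: a 15-byte secret next to a 4-byte input buffer.
 * Reads one token from the constructed input with the width-limited
 * format, copies what landed in str into out, and returns 1 if the
 * neighbouring secret is still intact. */
int read_next_to_secret(const char *input, char *out, size_t out_size)
{
    char secret[15] = "sesquipedalian";
    char str[STR_LEN];
    if (sscanf(input, STR_FMT, str) != 1)
        str[0] = '\0';               /* empty or whitespace-only input */
    copy_bounded(out, out_size, str);
    return strcmp(secret, "sesquipedalian") == 0;
}

int main(void)
{
    char got[STR_LEN];
    int ok = read_next_to_secret("12XGotcha!", got, sizeof got);
    printf("str = \"%s\", secret intact = %d\n", got, ok);
    return 0;
}
```

With the over-long input "12XGotcha!" only "12X" lands in str and the secret is untouched; the remaining characters stay unread in the input rather than spilling into adjacent memory.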
Notes
● Buffer overflows have been very common for a long time
● If you are clever enough, you can overwrite the return address on the stack frame so that your own code is then executed
● Languages that enforce array lengths are not susceptible to this classic form (e.g. Java)
● Merely turning on the stack protector is not enough: we could easily craft an exploit that stays within the stack frame
Source: https://xkcd.com/1354/