Buffer Overflow Maddikayala jagadish CSCI 5931 Web Security
Buffer Overflow Maddikayala, jagadish. CSCI 5931 Web Security Prof. T. Andrew Yang Monday Feb. 23
What is Buffer Overflow? l l A buffer is a contiguous allocated chunk of memory, such as an array or a pointer in C Buffer overflow occurs when a program or process tries to store more data in a buffer than it was intended to hold Buffer overflows are exploited to change the flow of a program in execution Buffer overflows are by far the most commonly exploited bug on the linux/unix Operating systems CSCI 5931 Web Security
Process Memory Organization env, argv strings High addess. bss. data Heap char global; int main(){ char global = ‘a’; Char *var = malloc(3); …. int main(){ }… … env, argv pointers stack }} . data int main(){ static int var; to an address which var points int main(){ … is in the static charheap var = ‘a’; }… . text } globaland andvar varwillbe beinin. bss. data heap. bss Low address CSCI 5931 Web Security
Buffer Organization � z l l l Storage of xyz buffer. Buffer � z “xyz” y xin memory Two consecutive � e buffers, xyz and abcde. d c b a y x Unused byte 1 word = 4 bytes CSCI 5931 Web Security
![Examples l l char a[5]="yang"; char b[9]="security"; strcpy(b, "maddikayala"); printf("%sn", a); Initial stack organization](http://slidetodoc.com/presentation_image_h2/b62de9c45434a14688a90ed7161f2e85/image-5.jpg "Examples l l char a[5]=\"yang\"; char b[9]=\"security\"; strcpy(b, \"maddikayala\"); printf(\"%sn\", a); Initial stack organization")
Examples l l char a[5]="yang"; char b[9]="security"; strcpy(b, "maddikayala"); printf("%sn", a); Initial stack organization � g n a y � y t i r u c e s a b After the overflow g n � a y a a l k � y a i d a m d CSCI 5931 Web Security a b
![Examples l l char a[4]="tom"; char b[8]="michael"; strcpy(b, "maddikayala"); printf("%sn", a); Initial stack organization](http://slidetodoc.com/presentation_image_h2/b62de9c45434a14688a90ed7161f2e85/image-6.jpg "Examples l l char a[4]=\"tom\"; char b[8]=\"michael\"; strcpy(b, \"maddikayala\"); printf(\"%sn\", a); Initial stack organization")
Examples l l char a[4]="tom"; char b[8]="michael"; strcpy(b, "maddikayala"); printf("%sn", a); Initial stack organization � m o t � l a e h c i m a b After the overflow � a y a d d l k a a i m a overwritten b This is the kind of vulnerability used in buffer overflow exploits CSCI 5931 Web Security
Buffer Overflow Countermeasures l l l Write secure code Non-executable Buffers Advanced debugging tools – – – l Fault injection tools Static analysis tools Stack. Shield and Stack. Guard Compilers – – offer warnings on the use of unsafe constructs such as gets (), strcpy () generate the code with built-in safeguards to prevent the use of illegal addresses CSCI 5931 Web Security
References l l l l http: //mixter. void. ru/exploit. html http: //www. linuxjournal. com/article. php? sid=6701 http: //www. linuxjournal. com/article. php? sid=2902 http: //www. devbuilder. org/asp/dev_article. asp? aspid=43 http: //immunix. org/Stack. Guard/discex 00. pdf http: //www. infosecwriters. com/texts. php? op=display&id=134 http: //searchsecurity. techtarget. com/s. Definition/0, , sid 14_gci 549 024, 00. html CSCI 5931 Web Security
Thank you Any Questions? ? ? CSCI 5931 Web Security
- Slides: 9