Buffer overflow explained
Download as PPTX, PDF1 like1,138 views
Buffer overflow is a vulnerability caused by improper memory management in programs, often due to developer carelessness. It occurs when programs process user-provided data without proper bounds checking, leading to potential unauthorized access or program crashes. Prevention strategies include writing safe code, using secure libraries, and implementing protection measures available in modern operating systems.
![EX :
#include
#include int main(int argc, char **argv)
{
char buff[512];
if(argc < 2)
{
printf('Usage: %s n', argv[0]);
exit(0);
}
strcpy(buff, argv[1]);
printf('Your name: %sn', buff);
return 0;
}](https://image.slidesharecdn.com/bufferoverflowexplainedteja-140525001349-phpapp01/85/Buffer-overflow-explained-6-320.jpg)
![lets try by giving this program a test:
Normal Execution :
Demo@root:~/tut > gcc vuln1.c -o vuln1
Demo@root:~/tut > ./vuln1
Usage: ./vuln1
Demo@root:~/tut > ./vuln1 mercy
Your name: Fr3@k
Demo@root:~/tut >
Demo@root:~/tut > ./vuln1 `perl -e'print 'A' x 516' ` Your name:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Segmentation fault (core dumped)
As we can see, this program is fully functional, and does what it is required to
do. But lets see what happens when we fill buff (argv[1]) with more than 512
chars:](https://image.slidesharecdn.com/bufferoverflowexplainedteja-140525001349-phpapp01/85/Buffer-overflow-explained-7-320.jpg)
Buffer overflow explained
- 2. What is buffer overflow? How a buffer overflow happens How to avoid overrun?
- 3. What is buffer overflow? • Buffer overflow are responsible for many vulnerabilities in operating system as well as application programs. • It’s a quiet technical freaky , it includes program source code , assembler listing , and debugging usage , which almost scares away lot of people without solid programming knowledge.
- 4. Cause : Buffer overflow attack have been there for a long time. It still exists partly because of the carelessness of the developer in the code. Prevention : Avoid writing bad codes
- 5. How a buffer overflow happens ? • The ultimate purpose of any program that runs on a computer is to process data of some kind. • Most don’t operate on fixed data, but on data that is ultimately provided by user, possibly pre-processed in some fashion. • The program needs to store data some where in computer’s memory, and this is point where problem starts • Buffer overflows are a common vulnerability on all platforms, but are by far the most commonly exploited bug on the linux/unix Operating systems. • Commonly buffer overflows are exploited to change the flow in a programs execution, so that it points to a different memory address or overwrites crucial memory segments.
- 6. EX : #include #include int main(int argc, char **argv) { char buff[512]; if(argc < 2) { printf('Usage: %s n', argv[0]); exit(0); } strcpy(buff, argv[1]); printf('Your name: %sn', buff); return 0; }
- 7. lets try by giving this program a test: Normal Execution : Demo@root:~/tut > gcc vuln1.c -o vuln1 Demo@root:~/tut > ./vuln1 Usage: ./vuln1 Demo@root:~/tut > ./vuln1 mercy Your name: Fr3@k Demo@root:~/tut > Demo@root:~/tut > ./vuln1 `perl -e'print 'A' x 516' ` Your name: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Segmentation fault (core dumped) As we can see, this program is fully functional, and does what it is required to do. But lets see what happens when we fill buff (argv[1]) with more than 512 chars:
- 9. • The program crashed due to a segmentation fault - we filled the buffer with more data than it was defined to hold, ending in an illegal address violation. • (Note: if you did not get a core dump it is most likely because you have not set a limit, at the command prompt type: ulimit -c unlimited: if this fails still, make sure you have write access in the executing directory, and make sure that the file is not suid, you will not get core dumps on suid files.)
- 10. How to avoid overrun?
- 11. Use of safe libraries • The problem of buffer overflows is common in the C and C++ languages because they expose low level representational details of buffers as containers for data types. Buffer overflows must thus be avoided by maintaining a high degree of correctness in code which performs buffer management. It has also long been recommended to avoid standard library functions which are not bounds checked, such as gets, scanf and strcpy. • Well-written and tested abstract data type libraries which centralize and automatically perform buffer management, including bounds checking, can reduce the occurrence and impact of buffer overflows.
- 12. Some Unix operating systems (e.g. OpenBSD, Mac OS X) ship with executable space protection (e.g. W^X). Some optional packages include: PaX Exec Shield Openwall Newer variants of Microsoft Windows also support executable space protection, called Data Execution Prevention. Proprietary add-ons include: – BufferShield – StackDefender