1. <cstring> problems CS-240
Dick Steflik
2. What is a buffer overflow?
Memory
global static
heap
malloc( ), new
Stack
non-static local variables
value parameters
A buffer is a contiguously allocated chunk of memory
A buffer overflow occurs any time we put more data into a data structure than it was designed for.
3. Side Effects
The side effects of a buffer overflow may:
cause the program to work strangely
cause the program to fail
cause no noticeable problems.
the program may continue without any noticeable problems
4. Side Effects Depend on:
How much data was written past the end of the buffer
What data (if any) are overwritten
Whether the program attempts to read data that are overwritten
What data ends up replacing the memory that gets overwritten
5. Three Basic Attacks
Overrun a static buffer
hurts data but little to no exposure for loss of control
Stack smashing
place attack code in memory, find some sloppy use of the runtime stack, use stack to transfer control to attack code
Heap overflow
much harder to exploit as there isn't usually a mechanism to gain control
6. Defensive Programming
The C Standard library has a number of highly susceptible function calls:
gets( ) - reads data from stdin until eof or a newline character
strcpy( ) - copies a string into a buffer, number of chars copied depend on length of source string
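Bounded stand-ins for the two calls above, as an added example that is not part of the original slides: copy_checked and read_line_checked are hypothetical helper names, and the 8-byte destination is a constructed sample. Each helper is told the size of the destination and refuses input that does not fit instead of writing past the end.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a standard function): strcpy() with a bound.
 * Copies src only if it fits in dst including the terminating NUL.
 * Returns 0 on success, -1 if src would overflow dst (dst is left empty). */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t len = strlen(src);
    if (len >= dst_size) {          /* no room for the NUL: refuse */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);      /* len + 1 copies the NUL as well */
    return 0;
}

/* Hypothetical helper: gets() with a bound, built on fgets().
 * Returns the line length (newline stripped), -1 on EOF or error,
 * -2 if the line was longer than the buffer (the rest is discarded). */
int read_line_checked(FILE *fp, char *buf, size_t buf_size)
{
    if (fp == NULL || buf == NULL || buf_size < 2)
        return -1;
    if (fgets(buf, (int)buf_size, fp) == NULL) {
        buf[0] = '\0';
        return -1;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return (int)(len - 1);
    }
    int c = fgetc(fp);              /* no newline seen: check what follows */
    if (c == EOF || c == '\n')
        return (int)len;            /* line filled the buffer exactly, or hit EOF */
    while (c != '\n' && c != EOF)   /* drain the rest so the next read is aligned */
        c = fgetc(fp);
    buf[0] = '\0';
    return -2;
}

int main(void)
{
    char name[8];                   /* constructed sample: 8-byte destination */
    printf("%d\n", copy_checked(name, sizeof name, "alice"));
    printf("%d\n", copy_checked(name, sizeof name, "a-much-longer-name"));
    return 0;
}
```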
7. strcpy()
8. strcat( )
9. sprintf( ) & vsprintf( )
10. sprintf( ) & vsprintf( )
11. scanf( ), sscanf( ), fscanf( ), vfscanf( )
12. streadd( ) , strecpy( )
13. strtrns( )
14. functions to be wary of: