An Introduction to Buffer Overflow Attacks (Novice)
How Serious of a Problem Is This?
• The effectiveness of the buffer overflow attack has been common knowledge in software circles since the 1980s.
• The Internet Worm used it in November 1988 to gain unauthorized access to many networks and systems nationwide.
• It is still used today by hacking tools to gain “root” access to otherwise protected computers.
• The fix is a very simple change in the way we write array accesses; unfortunately, once code that has this vulnerability is deployed in the field, it is nearly impossible to stop a buffer overflow attack.
[Figure: computer memory organization, contrasting a single variable with a buffer of variables (int z, char y, float x)]
What is a Buffer?
• In the world of programming, a ‘buffer’ is a location where data is stored.
• A variable has room for one instance of data (i.e. if the variable is of type ‘int’, it will hold only one integer), whereas a buffer can contain many instances of data (i.e. it can hold a series of ‘char’, ‘int’ and ‘float’ values).
What is a Buffer?
• When we define a variable in C or C++, the compiler reserves a memory location for it according to its type.
• For example, the statement
  int my_variable;
  tells the compiler that somewhere in the program we will need to use my_variable and give it an integer value. The compiler sets aside the amount of memory necessary for the type of variable declared (two bytes for an integer variable on the compiler assumed here; the exact size depends on the platform) in our buffer.
• For an array, the compiler sets aside enough space for all of the elements in the array.
• An assignment statement, for example
  my_variable = 5;
  tells the compiler to store the value 5 in the space that was reserved for my_variable.
How Do You “Overflow a Buffer?”
• Suppose we define two arrays in a C++ program:
  int main() {
      char A[10], B[40];
      for (int i = 0; i < 40; i++) { A[i] = B[i]; }  // writes past the end of A once i reaches 10
      return 0;
  }
• Because B is larger than A, the loop copies 30 too many characters to A.
[Figure: memory layout: other content, array A (10 bytes), array B (40 bytes), other content]
How Do You “Overflow a Buffer?”
• Let’s try to visualize what happens in our buffer.
• Our compiler creates two positions in memory. Each char is one byte, so there is one space for A that is 10 bytes long, and one for B that is 40 bytes long.
[Figure: the contents of array B being copied into array A; the 30 bytes that did not fit in array A land in the “other content” region above it]
How Do You Overflow a Buffer?
Since the size of array A is 10 and the size of array B is 40, we have 30 values that will not fit into A. These values are written to the memory locations above array A, which do not belong to array A. What happens to these values?
What Happens to the Extra 30 Values?
• During this copy procedure, it is obvious that we lost 30 bytes of data. This is the least important consequence of overflowing a buffer.
• The problem is that we wrote over a memory region that doesn’t belong to array A. This memory region could have been empty, or it could have contained important information that the program uses, or even the program itself.
• Hackers can use this mechanism on purpose to change vital information about a program so that they can either access a computer or destroy data as they please.
How Do We Avoid a Buffer Overflow?
• Every time we copy one array into another, we need to check that they are the same size (or, more generally, that the destination is large enough for what is copied into it).
• Every time a function modifies a value, we should check to make sure that it will not modify any values but the ones assigned to it.
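The overrun from the earlier slides and the bounded copy this slide calls for, as an added C example that is not part of the original deck. It models the slide's memory picture as one flat byte array (the offsets, sizes and the 0xAA filler are constructed for the demonstration), so the overrun stays well-defined C and can be measured; on a real stack the same out-of-bounds write is undefined behaviour and would not be a repeatable demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Model of the slide's memory picture: one flat byte array stands in for the
 * buffer, with "other content" below and above array A. A is 10 bytes and
 * the source B is 40 bytes, exactly as on the slide. */
enum { MEM_SIZE = 64, OTHER_LOW = 8, A_SIZE = 10, B_SIZE = 40 };
enum { A_OFFSET = OTHER_LOW, ABOVE_A = A_OFFSET + A_SIZE };

#define FILLER 0xAA  /* marks "other content" so we can see what gets clobbered */

/* Build the memory image: filler everywhere except A, which starts zeroed. */
static void init_memory(unsigned char mem[MEM_SIZE]) {
    memset(mem, FILLER, MEM_SIZE);
    memset(mem + A_OFFSET, 0, A_SIZE);
}

/* The slide's loop, unchanged: copies all 40 bytes of B into the 10-byte A.
 * In this model the extra 30 bytes land in the region above A. */
static void unchecked_copy(unsigned char mem[MEM_SIZE], const unsigned char *B) {
    for (int i = 0; i < B_SIZE; i++)
        mem[A_OFFSET + i] = B[i];
}

/* The fix: the copy is bounded by the destination size. Returns the number of
 * source bytes that did NOT fit (0 means everything fit), so the caller can
 * decide how to handle truncation instead of silently overrunning memory. */
static int checked_copy(unsigned char *dst, size_t dst_size,
                        const unsigned char *src, size_t src_size) {
    size_t n = src_size < dst_size ? src_size : dst_size;
    memcpy(dst, src, n);
    return (int)(src_size - n);
}

/* Count bytes of "other content" above A that no longer hold the filler. */
static int bytes_clobbered_above_a(const unsigned char mem[MEM_SIZE]) {
    int count = 0;
    for (int i = ABOVE_A; i < MEM_SIZE; i++)
        if (mem[i] != FILLER) count++;
    return count;
}

/* Run the slide's loop against the model and report how far it overran. */
int overrun_with_unchecked_copy(void) {
    unsigned char mem[MEM_SIZE], B[B_SIZE];
    init_memory(mem);
    memset(B, 'B', B_SIZE);               /* constructed source data */
    unchecked_copy(mem, B);
    return bytes_clobbered_above_a(mem);  /* 30: the bytes that did not fit */
}

/* Same copy with the bound in place: nothing outside A is touched. */
int overrun_with_checked_copy(void) {
    unsigned char mem[MEM_SIZE], B[B_SIZE];
    init_memory(mem);
    memset(B, 'B', B_SIZE);
    checked_copy(mem + A_OFFSET, A_SIZE, B, B_SIZE);
    return bytes_clobbered_above_a(mem);  /* 0 */
}

/* How much the bounded copy had to drop (the caller is told, not surprised). */
int dropped_by_checked_copy(void) {
    unsigned char mem[MEM_SIZE], B[B_SIZE];
    init_memory(mem);
    memset(B, 'B', B_SIZE);
    return checked_copy(mem + A_OFFSET, A_SIZE, B, B_SIZE);  /* 30 */
}

int main(void) {
    printf("unchecked copy clobbered %d bytes above A\n", overrun_with_unchecked_copy());
    printf("checked copy clobbered %d bytes above A, dropped %d source bytes\n",
           overrun_with_checked_copy(), dropped_by_checked_copy());
    return 0;
}
```

The point of returning the dropped-byte count from checked_copy is the slide's second bullet: the function only touches the bytes it was given, and the caller learns that the source was too large and can reject or re-size the input rather than lose 30 bytes silently.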