1 / 8

CS4236 Tutorial 5 Question 1

CS4236 Tutorial 5 Question 1. Chuan Huey Ling. Question. I Disagree. Why? (Background). Previously discussed stack smashing attack. (taken from the article on buffer overflow from cs4236 website). What if?. The stack and the string buffer grow upwards.

miron
Download Presentation

CS4236 Tutorial 5 Question 1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS4236 Tutorial 5 Question 1 Chuan Huey Ling

  2. Question I Disagree.

  3. Why? (Background) • Previously discussed stack smashing attack.(taken from the article on buffer overflow from cs4236 website)

  4. What if? • The stack and the string buffer grow upwards. • Unable to apply the stack smashing attack because the return address is below. (Only true for the case below where there is only 1 stack frame)

  5. What if? • Function calls an unsafe function that takes in a pointer to the caller’s buffer. • Eg. foo(){ char buf[20]; otherFunction(buf); } otherFunction(char *b) { gets(b); //some unsafe function over here }

  6. What will happen? Recall that otherFunction is using a pointer to the local variables in the foo function so it is able to write data into the buffer. Stack frame of otherFunction Stack frame of foo

  7. What will happen? Stack frame of otherFunction Stack Smashing on the return address of otherFunction Stack frame of foo Therefore, otherFunction’s return address is overwritten

  8. Conclusion • Stack that grows upwards is still vulnerable to stack smashing attacks. • Some unsafe functions are gets(), strcpy() and sprintf(). • These types are function are potentially vulnerable no matter whether the stack grows up or down. void foo(char *s) { char buf[10]; strcpy(buf, s); //unsafe functions }

More Related