VOTD: Buffer Overflow Engineering Secure Software Last Revised: - - PowerPoint PPT Presentation



SLIDE 1

SWEN-331: Engineering Secure Software Benjamin S Meyers

VOTD: Buffer Overflow

Engineering Secure Software

Last Revised: August 17, 2020

SLIDE 2


What is Buffer Overflow?

  • Writing data outside of the intended buffer (memory space)


SLIDE 3


How Do You Do It?

  • String buffers in C


    #include <stdio.h>

    int main(void) {
        char secret[15] = "sesquipedalian";
        printf("\nSecret is: %s", secret);          /* "sesquipedalian" */
        char str[4];                                 /* room for 3 characters plus the terminator */
        printf("\nPlease enter up to 3 characters: ");
        scanf("%s", str);                            /* User enters "12XGotcha!" -- %s places no bound on the write */
        printf("\nSecret is now: %s\n", secret);     /* "otcha!": the bytes that did not fit in str spilled into secret
                                                        (assumes str sits directly below secret; exact layout is compiler-dependent) */
        return 0;
    }

SLIDE 4


Mitigations

  • Keep track of your array sizes
  • Check the size of your buffer as it is inputted
  • In the case of C, use functions like strncpy() instead of strcpy()

  • Avoid functions like gets that don't check the input size

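As an added example that is not part of the slides, here is the slide-3 program rewritten with the mitigations above applied: the buffer size travels with the buffer (sizeof), the copy uses strncpy() with an explicit terminator (strncpy() does not null-terminate when the source fills the buffer), and the unbounded scanf("%s") / gets() read is replaced by fgets(), which takes the buffer size. The function names safe_copy, read_line_bounded and secret_survives are hypothetical, and the "typed" input in secret_survives is a constructed stand-in for what a user would enter.

```c
#include <stdio.h>
#include <string.h>

/* Bounded copy in the spirit of the strncpy() advice.  strncpy() does NOT
 * null-terminate when src fills the whole buffer, so the terminator is
 * written explicitly.  Never writes past dst[dstsz - 1].
 * Returns 0 on success, -1 if src did not fit and was truncated. */
int safe_copy(char *dst, size_t dstsz, const char *src) {
    if (dstsz == 0) return -1;
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) < dstsz ? 0 : -1;
}

/* Replacement for scanf("%s") / gets(): reads one line into dst with
 * fgets(), which is told the buffer size, then drains the rest of an
 * over-long line so it cannot leak into the next read.
 * Returns 0 for a line that fit, 1 if input was truncated, -1 on EOF. */
int read_line_bounded(FILE *in, char *dst, size_t dstsz) {
    if (dstsz == 0 || fgets(dst, (int)dstsz, in) == NULL) return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 0;
    }
    /* No newline: the line either exactly filled the buffer or was longer.
     * Consume the remainder and report whether anything was discarded. */
    int c, discarded = 0;
    while ((c = fgetc(in)) != EOF && c != '\n') discarded = 1;
    return discarded ? 1 : 0;
}

/* The slide-3 scenario re-run with the bounded read.  `typed` is a
 * constructed stand-in for user input, fed through a temporary file so
 * the function is self-contained.  Returns 1 if `secret` is still
 * "sesquipedalian" afterwards, 0 if it was clobbered. */
int secret_survives(const char *typed) {
    char secret[15] = "sesquipedalian";
    char str[4];
    FILE *fake_stdin = tmpfile();
    if (fake_stdin == NULL) return 0;
    fputs(typed, fake_stdin);
    fputc('\n', fake_stdin);
    rewind(fake_stdin);
    int rc = read_line_bounded(fake_stdin, str, sizeof str);
    fclose(fake_stdin);
    if (rc == 1)
        printf("Input longer than %zu characters was truncated to \"%s\"\n",
               sizeof str - 1, str);
    return strcmp(secret, "sesquipedalian") == 0;
}

/* Stand-alone run: same prompt as the slide, but bounded. */
int main(void) {
    char str[4];
    printf("Please enter up to 3 characters: ");
    fflush(stdout);
    int rc = read_line_bounded(stdin, str, sizeof str);
    if (rc < 0) return 1;
    printf("Stored \"%s\"%s\n", str, rc == 1 ? " (input was truncated)" : "");
    return 0;
}
```

Note that with this version the over-long input "12XGotcha!" is cut to "12X" and reported, and the adjacent secret is untouched; the read is safe regardless of how the compiler lays out the stack, which is the property the mitigation list is after.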

SLIDE 5


Notes

  • Buffer overflows have been very common for a long time
  • If you are clever enough, you can overwrite the return pointer on the stack frame so that your own code is then executed
  • Languages that enforce array lengths are not susceptible to this classic form (e.g. Java)

  • Merely turning on the stack protector is not enough -- we could easily craft an exploit that stays within the stack frame


SLIDE 6


Source: https://xkcd.com/1354/