Buffer Overflows
Docsity.com
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Guidelines and tips
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community
Ask the community for help and clear up your study doubts
University Rankings
Discover the best universities in your country according to Docsity users
Free resources
Our save-the-student-ebooks!
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
Buffer Overflows: Understanding and Preventing Memory Vulnerabilities, Slides of Software Engineering
An overview of buffer overflows, a common memory vulnerability. It explains how buffer overflows occur, their effects, and the methods attackers use to exploit them. Additionally, it discusses defensive measures to prevent buffer overflows, such as canaries, write xor execute, aslr, and safer coding practices.
Typology: Slides
2012/2013
1 / 16
This page cannot be seen from the preview
Don't miss anything!
Related documents
Partial preview of the text
Download Buffer Overflows: Understanding and Preventing Memory Vulnerabilities and more Slides Software Engineering in PDF only on Docsity!
Buffer Overflows
Acknowledgements
Wikipedia and its contributors (various
articles; Buffer overflow, scanf, strcpy,
Buffer overflow protection, Heap overflow,
Stack buffer overflow…)
Google Seminar and its presenters
Writing Secure Code 2 nd^ Edition by Michael
Howard and David LeBlanc. Microsoft Press
Overview
Allocate memory (fixed size)
Input to the buffer exceeds the buffer size
Unchecked bounds overwriting memory
Checked bounds
Raise exception (Java and .NET) Truncate input
What’s in memory?
Data and code -- von Neumann architecture
Cases and Effects
Unallocated page boundary / wrong access
mode:
SIGSEGV, Access Violation, etc. The program terminates Slightly annoying, but what if it didn’t happen?
Cases and Effects
What if it’s on the stack?
Allocated page Potentially visible changes Corruption Controlled corruption Stack smashing
Cases and Effects
What if it’s on the heap?
Change the value of variables DisableSecurity = true Clobber pointers (linked lists, trees, …) Alter malloc() data! Change what memory ranges are used/free Use dynamically allocated memory (same location as something previously allocated) as an alias. Useful to overwrite function pointers!
Problems for Attackers
Find the location of the buffer
Not a big issue, since the code is usually loaded in the same place for performance Use a “NOP sled” Pad the payload with NOP instructions, or effectively NOP instructions Jump anywhere into the NOP sled to get to the payload
0x00 in the address (=string terminator)
Defensive Measures
Canaries
Pad buffers with a random, secret value determined at compile time or runtime Check to see if the secret value is the same before allowing transfer of control If you smash the boundaries of the array on the stack, how do you know what the values are?
Defensive Measures
ASLR
Randomize locations for loading of code Requires compiler, linker, and runtime support for position-independent code (PIC) Prevent attackers from being able to jump reliably to function calls or payload in the stack Why? Because regular code is linked in by the runtime linker whereas the payload is not
Defensive Measures
Stop using unsafe code!
strcpy strlcpy strncat strlcat scanf fgets on %s gets fgets
Use a safer language
Anything with bounds checking – Java, C#, VB.net, Python, Perl, Ruby, PHP, D… …but be careful when calling C/C++/asm libraries