0
5.8kviews
Write in brief about Buffer overflow attack.
1 Answer
0
130views
  • In programming environment, a buffer is a space where data can be held. They are stored in a memory where the availability is finite.
  • Hence many programming environment demand buffer space be declared before compilation.
  • E.g. int a[10] will create an array and allot 10 memory locations to the array variable ‘a’
  • The array ‘a’ of previous example can take values from a[0] to a[9] . Now consider someone allotting a value to a ; ‘a[10]=23’.
  • A better real-world example is a person pouring 2-litres of water in to a 1-liter pitcher. The water once it reaches the 1-liter capacity will then start to overflow. The excess gets spilled away.
  • In similar way the subscript ‘10’ in a[10] is out of bounds. In such a situation, during program execution a buffer over flow error will occur.
  • There are some compiler which check for any such errors during compile-time itself (e.g. java) while some don’t (e.g. C compiler).
  • Even if the compiler check for such errors it may not sometimes detect such flaw like in ‘a[i]=22’ where ‘i’ value will be decided during run-time.
  • The most important discussion is to be why it’s such a grave problem. (Note: Buffer Overflow is considered as a threat to program and OS security)
  • As mentioned earlier, some compiler don’t check out-of-bounds error. They on receive an instruction as ‘a[10]=23’.
  • The compiler will store it at the memory location adjacent to a[9]’s memory location.
  • Now, an attacker who knows the structure of file-storage in a computer can purposely create a buffer-overflow and store the desired code he wants at location adjacent to ‘a[9]’.
  • If that area was an area where OS data was stored, then the user’s code has gained access OS level priority. If it affects user’s data area, then sensitive data may be lost.
  • Consider another scenario where buffer overlow attacks the call-stack area:
  • Intially the stack is looking as : [data][data]….
  • A program calls a function (subroutine). Control transfers to the function. But before that the return address to the calling function is stored in stack as

    [return_address][data][data]….

  • This subroutine can declare a dynamic buffer as ‘int xyz[5]’ . So it will allocate memory space in stack. [a0][a1][a2][a3][a4][return_address][data][data]…
  • Now the function calls xyz[i]=44 where i=5. It’s out of bound. Still space will be allocated sice the compiler cant detect it!!

    [a0][a1][a2][a3][a4][44][data][data]…….

  • The return address got overwritten by the value ‘44’. When the function ends, it will jump to location ‘44’ which can be a trap location where malicious code may be residing.
Please log in to add an answer.