more on buffer overflows

10
More on Buffer Overflows

Upload: mauli

Post on 24-Feb-2016

98 views

Category:

Documents


0 download

DESCRIPTION

More on Buffer Overflows. Buffer Overflow. Recap: very simply, a buffer overflow is when a program overruns the boundary of a buffer’s allocated space and overwrites adjacent memory. char A[8]; unsigned short B; s trcpy (A, “excessive”);. A simple vulnerability. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: More on  Buffer Overflows

More on Buffer Overflows

Page 2: More on  Buffer Overflows

Buffer Overflow

Recap: very simply, a buffer overflow is when a program overruns the boundary of a buffer’s allocated space and overwrites adjacent memory.char A[8];unsigned short B;strcpy(A, “excessive”);

Page 3: More on  Buffer Overflows

A simple vulnerability

Simple code vulnerabilities use functions that don’t check whether a buffer’s bounds are overwritten.

Page 4: More on  Buffer Overflows

More complex

More complex attacks take into account what other pieces of data are nearby on the stack:

Page 5: More on  Buffer Overflows

And another

Even without code being called inside the program, can still mess with the intent of the program. Note that non-execute bits won’t help stop

this one!

Page 6: More on  Buffer Overflows

Even worse It’s not hard to get function pointers

overwritten, even with no execution allowed:

Page 7: More on  Buffer Overflows

Fixing these issues

Fixing is largely a matter of not using unsafe functions.

Page 8: More on  Buffer Overflows

Caution: Care is still needed, however – check this

next one, which appears secure. What is the bug here?

Page 9: More on  Buffer Overflows

But could this really happen?

Page 10: More on  Buffer Overflows

And now a few HW hints…

Sorry, had to come in person! Aren’t you glad you came today? =)