- A buffer overflow happens when input is written into a buffer without bounds checking and runs past the end of the buffer's intended memory region
- It can be dangerous because data on the stack can be overwritten
- Execution can be redirected to an overwritten return address, since that address is loaded into the eip register, the instruction pointer (address of the next instruction)
- Overwriting local variables is harder and less useful, since compiler optimization may change where they sit on the stack, so the overflow may not land where you want it to.
- Such code can also be susceptible to shellcode exploits
- Most compilers and operating systems defend against this kind of tampering: memory address randomization (ASLR) plus stack-smashing protection (stack canaries). You may need to disable these for educational purposes.
- Some outdated C functions such as strcpy are vulnerable, because they do no bounds checking!
- Useful tools: gdb, objdump
- Keywords to look for: `stack smashing detected` comes first (the canary check), followed by a segmentation fault. These errors may occur when you go out of bounds.
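Added example, not part of these notes: the unchecked strcpy pattern from the bullets above beside a bounds-checked replacement that truncates instead of overflowing. BUF_SIZE, LONG_INPUT and the function names are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
/* Constructed test input: 40 bytes, well past BUF_SIZE. */
#define LONG_INPUT "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

/* Vulnerable pattern: strcpy() copies until the NUL byte and never looks at
 * the destination size, so BUF_SIZE bytes or more write past buf into what
 * sits above it on the stack (saved frame pointer, return address).
 * Only ever called here with a short constant. */
void copy_unsafe(const char *input) {
    char buf[BUF_SIZE];
    strcpy(buf, input);
    printf("copy_unsafe: %s\n", buf);
}

/* Hardened version: check the length against the destination size first.
 * Returns 0 on success, 1 if the input was truncated, -1 on bad arguments. */
int copy_safe(const char *input, char *dst, size_t dst_size) {
    if (input == NULL || dst == NULL || dst_size == 0)
        return -1;
    size_t len = strlen(input);
    if (len >= dst_size) {              /* would not fit with its NUL */
        memcpy(dst, input, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 1;
    }
    memcpy(dst, input, len + 1);        /* fits, copy including the NUL */
    return 0;
}

/* Helpers: run copy_safe() into a BUF_SIZE stack buffer and report the
 * status and resulting length, so behaviour can be checked without output. */
int safe_copy_status(const char *input) {
    char buf[BUF_SIZE];
    return copy_safe(input, buf, sizeof buf);
}

size_t safe_copy_len(const char *input) {
    char buf[BUF_SIZE];
    return copy_safe(input, buf, sizeof buf) < 0 ? 0 : strlen(buf);
}

int main(void) {
    copy_unsafe("short");                               /* fits: no overflow */
    printf("status=%d len=%zu\n", safe_copy_status(LONG_INPUT),
           safe_copy_len(LONG_INPUT));                  /* status=1 len=15 */
    return 0;
}
```

Compile with `gcc -fstack-protector-all` to enable the canary check the notes mention; that is the protection behind the `stack smashing detected` message.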