Buffer Overflow

  • A buffer overflow happens when input is read into a buffer without bounds checking and the write runs past the memory allocated for it.
  • It can be serious because data on the stack, including saved return addresses, can be overwritten.
  • Overwriting the saved return address changes the value loaded into the eip register (the instruction pointer, which holds the address of the next instruction), so the function returns to whatever address was written there.
  • Targeting local variables is harder and less useful, since compiler optimizations may not place them where you expect.
  • Overflows can also be leveraged for shellcode exploits.
  • Most modern compilers and operating systems defend against this with address space layout randomization (ASLR) and stack-smashing detection (stack canaries). You may need to disable these for educational purposes.
  • Some outdated C functions such as gets and strcpy are vulnerable because they perform no bounds checking.
  • Useful tools: gdb, objdump.
  • Typical symptoms: a "stack smashing detected" message (from the canary check) appears first, followed by a segmentation fault. These errors occur when a write goes out of bounds.
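As an added illustration of the last points (not code from the original post), assuming a 16-byte name buffer: the unbounded strcpy() pattern the post warns about, beside bounded replacements for strcpy() and gets() that reject over-long input instead of writing past the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for illustration (not from the post). */
#define NAME_CAP 16

/* The pattern the post warns about: strcpy() copies until it finds a NUL,
 * so a source longer than NAME_CAP-1 bytes runs past `name` into adjacent
 * stack memory (saved registers, return address). Shown only to contrast
 * with the bounded versions below; never call it on untrusted input. */
static void copy_name_unsafe(char name[NAME_CAP], const char *src)
{
    strcpy(name, src);                /* no bound: classic stack overflow */
}

/* Bounded replacement for strcpy(): copies src only if it fits in dst
 * together with its terminating NUL. Returns 0 on success and -1 (leaving
 * dst empty) when src is too long, so the caller can reject the input
 * instead of silently truncating it. */
static int copy_name_bounded(char *dst, size_t cap, const char *src)
{
    size_t n = 0;
    if (cap == 0) return -1;
    while (n < cap && src[n] != '\0') n++;   /* never scans past cap bytes */
    if (n >= cap) {                          /* no room left for the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);                 /* n bytes plus the NUL */
    return 0;
}

/* Bounded replacement for gets(): fgets() stops after cap-1 bytes. If the
 * stored line has no newline, peek at the stream to decide whether it ended
 * exactly at the limit (complete) or was cut short (truncated); in the
 * latter case drain the rest so it is not mistaken for the next input.
 * Returns 1 for a complete line, 0 on EOF with nothing read, -1 if truncated. */
static int read_line_bounded(char *buf, size_t cap, FILE *in)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL) return 0;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') { buf[len - 1] = '\0'; return 1; }
    int c = fgetc(in);
    if (c == EOF || c == '\n') return 1;    /* line fit exactly or was last */
    while (c != EOF && c != '\n') c = fgetc(in);
    return -1;
}
```

With the canary check the post mentions enabled, calling copy_name_unsafe() with an over-long string is exactly what produces the "stack smashing detected" abort; the bounded versions return -1 instead.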

Kevin Chow
Fledgling Computer Scientist