Skip to main content

Buffer Overflow Attacks

Buffer Overflowโ€‹

  • In C, many strings-related functions do not check the bound.
  • It may start to overwrite a fixed-sized array.
  • A savvy users may put a long input array, overwriting the return address with desired value.

Preventing Such Exploitsโ€‹

  • Use better functions.
    • scanf โ†’ sscanf
    • gets โ†’ getline
    • strcpy โ†’ strncpy
    • strcat โ†’ strncat
  • Use Canary Values
    • Compiler inserts random unique valuesโ€”canary valuesโ€”before return address
    • If the canary values are modified, crash.
  • Address Space Layout Randomization (ASLR)
    • Compiler randomize where the stack will start.
    • Makes hard to predict the desired return address.
      • Problem: nop sleds
      • Prepend as many nop instructions as possible before the exploit code
      • Yields a higher chance of an exploit.
  • Privilege & Access Control Bits
    • Mark a specific portion of the stack as non-executable.

Return Oriented Programmingโ€‹

  • Use Case: When the stack is marked as non-executable && position randomized.
  • Idea: Find useful attack instructions gadgets that already exists
    • because they are executable and not randomized in position.