wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Explaining Buffer Overflow with Example

profile
Genius Ape
Dec 01, 2018
0 Likes
0 Discussions
575 Reads
Firdous Shaikh       Author : Firdous Shaikh     

Let’s understand Buffer Overflow

A buffer is a temporary area for data storage (also used for storing program code). When more data (than was originally allocated to be stored) gets placed by a program or system process, the extra data overflows. It causes some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding. If this overwrites adjacent data or executable code, this may result in wrong program behaviour, including memory access errors, incorrect results, and crashes. Exploiting the behaviour of a buffer overflow is a well-known security exploit. On many systems, the memory layout of a program, or the system as a whole, is well defined. By sending in data designed to cause a buffer overflow, it is possible to write into areas known to hold executable code and replace it with malicious code.

The Buffer Overflow attack example

C and C++ programming languages provide no built-in protection against accessing or overwriting data in any part of memory and do not automatically check, whether the data written in the data-type is within its boundaries. So here, we use an array which is a built-in buffer data type, that can intake inputs for our demo. The program works perfect when the inputs are inside the range, but when value size increases the range, the access violation, segmentation fault error is encountered by the user, given by the system:  

***stack smashing detected***: [execution] terminated

Aborted (core dumped)

  Our program is prototype to a larger and more diverse attack consequence, and much fierce attacks can take down entire RAM capacities to crash (also traits of a Denial of Service attack).   The Program… Explained!  
  1. The program starts with creating a character buffer, in which we will pass a string to test its range.
  2. The buffer (array) here, is 5 bytes plus the terminating NULL.
  3. Thus Maximum allocation can be 2 double words, i.e. we need to input more than 8 bytes for the buffer overflow to take place.
  4. That the user does not provide a value, the program handles that by terminating.
  5. If there is an input, the strcpy() copies the user input to the buffer, without any bound checking.
  6. Finally, the output is according to the input range.
        The Program
#include <stdio.h> #include <string.h> #include <stdlib.h> int main(int argc, char *argv[]) { char buffer[5]; if (argc < 2) { printf("strcpy() NOT executed....\n"); printf("Syntax: %s <characters>\n", argv[0]); exit(0); } strcpy(buffer, argv[1]); printf("buffer content= %s\n", buffer); // you may want to try strcpy_s() printf("strcpy() executed...\n"); return 0; }  
  Steps for execution (The C program can be run in its compiler, over all platforms. Here we have used Ubuntu Linux).  
  1. Save the program in any editor with the extension .cpp (blowfish.cpp)
  2. Make sure you have the compiler, interpreter installed. In the terminal, type the following.

sudo apt-get install g++

sudo apt-get update

 
  1. To compile the program, type:

g++ -g3 –ggdb -o0 –Wall –Wextra –unused –o BufferOverFlowOP bufferoverflow.cpp   –lcryptopp

 
  1. To run the program, type:

./BlowfishOP [input range]

      The Output: Buffer Overflow with Example

Comments ()


Sign in

Read Next

Palm Vein Biometric Technology; Contactless vein authentication

Blog banner

Virtual Machine's

Blog banner

6 Digital Marketing Trends You Must Watch Out For In 2022

Blog banner

Understanding Mobile Device Forensics

Blog banner

Why Your Child Cries at Drop-Off and How Preschools Handle It Gently

Blog banner

Computer Security

Blog banner

DATA BREACH CAUSES CHALLENGES PREVENTION AND FUTURE DIRECTIONS

Blog banner

Process Description

Blog banner

Autonomy Vehicles: Future Ki Gadiya

Blog banner

Mumbai Metro 3

Blog banner

Data Exfiltration

Blog banner

Fashion design

Blog banner

Functions of Operating System

Blog banner

A-B-C of Networking: Part-2 (Components)

Blog banner

Is Brushing After Eating Damaging Your Teeth? (Fact or Myth)

Blog banner

Explain Multiprocessors

Blog banner

?Why Social and Emotional Skills Matter More Than ABCs in Early Years?

Blog banner

Paginng In OS

Blog banner

Evolution of the Microprocessor ~ Aditya Pai

Blog banner

WomenEmpowerment

Blog banner

The Essential Guide to Dynamic Arrays vs. Linked Lists: Which to Use and When ?

Blog banner

Vulnerability Assessment

Blog banner

Memory heirchy

Blog banner

MEMORY HIERARCHY

Blog banner

Uniprocessor scheduling

Blog banner

How Preschool Annual Day Shapes Confidence, Emotions, and Growth

Blog banner

Android Application Components and Activity Lifecycle

Blog banner

Memory input output management

Blog banner

ODOO

Blog banner

Modern operating system

Blog banner

What Makes Patola the Queen of Silk?

Blog banner

Random Forests

Blog banner

Chicken Dum Biryani

Blog banner

Why Oak Tree Hotel Is Arcadia’s Hidden Gem?

Blog banner

The Chapped Lips and Dry Mouth Trap: The Sneaky Reason Cavities Spike in Winter

Blog banner

Cache memory

Blog banner

security requirements for safe e-payment

Blog banner

Understanding Gen Z: A Generation Facing Crisis and Potential

Blog banner

The Right way of cooking

Blog banner

Wrike

Blog banner

Data Mining

Blog banner

Why am I never satisfied with my Life?

Blog banner