Lecture7-ia32-bufferoverflow

Lecture7-ia32-bufferoverflow - Announcements CS 3214...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
1 CS 3214 Computer Systems Godmar Back Lecture 7 Announcements • Exercise 3 due Sep 19 • Project 2 due Sep 21 – Read update: env LD PRELOAD=stack so /bufbomb env LD_PRELOAD=stack.so ./bufbomb CS 3214 Fall 2011 Buffer Overflows • What is a buffer overflow? • How can it be exploited? • How can it be avoided? – Through programmer measures – Through system measures (and how effective are they?) CS 3214 Fall 2011 String Library Code – Implementation of Unix function gets • No way to specify limit on number of characters to read /* Get string from stdin */ char *gets(char *dest) { int c = getc(); char *p = dest; while (c != EOF && c != '\n') { – Similar problems with other Unix functions strcpy : Copies string of arbitrary length scanf , fscanf , sscanf , when given %s conversion specification *p++ = c; c = getc(); } *p = '\0'; return dest; } CS 3214 Fall 2011 Vulnerable Buffer Code /* Echo Line */ void echo() { char buf[4]; /* Way too small! */ gets(buf); puts(buf); } int main() { printf("Type a string:"); echo(); return 0; } CS 3214 Fall 2011 Buffer Overflow Executions unix> ./bufdemo Type a string: 123 123 unix>./bufdemo Type a string: 12345 Segmentation Fault unix>./bufdemo Type a string: 12345678 Segmentation Fault CS 3214 Fall 2011
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2 Buffer Overflow Stack /* Echo Line */ void echo() { char buf[4]; /* Way too small! */
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 12/31/2011 for the course CS 3214 taught by Professor Staff during the Fall '11 term at Virginia Tech.

Page1 / 3

Lecture7-ia32-bufferoverflow - Announcements CS 3214...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online