

University of Washington
Buffer Overflow

Malicious Use of Buffer Overflow

Stack after call to gets()

    void foo(){
        bar();
        ...
    }

    int bar() {
        char buf[64];
        gets(buf);
        ...
        return ...;
    }

[Figure: stack after the call to gets(). foo stack frame; return address A, now B (was A); data written by gets(): pad and exploit code, starting at B; bar stack frame]

- Input string contains byte representation of executable code
- Overwrite return address A with address of buffer (need to know B)
- When bar() executes ret, will jump to exploit code (instead of A)

Exploits Based on Buffer Overflows

- Buffer overflow bugs allow remote machines to execute arbitrary code on victim machines
- Internet worm
  - Early versions of the finger server (fingerd) used gets() to read the argument sent by the client:
    - finger droh@cs.cmu.edu
  - Worm attacked fingerd server by sending phony argument:
    - finger "exploit-code padding new-return-address"
    - exploit code: executed a root shell on the victim machine with a direct TCP connection to the attacker

Avoiding Overflow Vulnerability

    /* Echo Line */
    void echo()
    {
        char buf[4];  /* Way too small! */
        fgets(buf, 4, stdin);
        puts(buf);
    }

- Use library routines that limit string lengths
  - fgets instead of gets (second argument to fgets sets limit)
  - strncpy instead of strcpy
  - Don't use scanf with %s conversion specification
    - Use fgets to read the string
    - Or use %ns where n is a suitable integer

System-Level Protections

- Randomized stack offsets
  - At start of program, allocate random amount of space on stack
  - Makes it difficult for exploit to predict beginning of inserted code
- Use techniques to detect stack corruption
- Nonexecutable code segments
  - Only allow code to execute from "text" sections of memory
  - Do NOT execute code in stack, data, or heap regions
  - Hardware support needed

[Figure, not drawn to scale: memory layout with labels FF, Stack, Heap, Data, Text, 08, 00]

...
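The two substitutions listed under "Avoiding Overflow Vulnerability" each have an edge case the slide does not show, illustrated in this added example (not code from the slides): fgets leaves the rest of an over-long line in the stream, and strncpy writes no terminating NUL when the source fills the destination. The helper names read_line and copy_bounded are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Read one line into buf (cap bytes, NUL included) with fgets.
 * Returns 0: whole line read; 1: line too long, excess discarded;
 * -1: EOF or error before anything was read. */
int read_line(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* complete line: strip the newline */
        return 0;
    }
    /* No newline stored: drain the rest of the line so the leftover
     * bytes are not returned as the "next" line by a later call. */
    int c, extra = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        extra = 1;
    return extra;
}

/* strncpy in place of strcpy. strncpy writes no NUL when src fills
 * dst, so terminate explicitly. Returns 1 if src was cut short. */
int copy_bounded(char *dst, size_t cap, const char *src)
{
    if (cap == 0)
        return 1;
    strncpy(dst, src, cap - 1);
    dst[cap - 1] = '\0';
    return strlen(src) >= cap;
}

int main(void)
{
    /* Constructed sample input; the second line overflows buf. */
    FILE *in = tmpfile();
    if (in == NULL) return 1;
    fputs("short\nthis line is longer than the buffer\nnext\n", in);
    rewind(in);
    char buf[8], name[4];
    int rc;
    while ((rc = read_line(in, buf, sizeof buf)) >= 0)
        printf("%-8s%s\n", buf, rc ? " (truncated)" : "");
    printf("%d %s\n", copy_bounded(name, sizeof name, "droh"), name);
    fclose(in);
    return 0;
}
```

Returning a truncation flag lets the caller reject over-long input instead of silently processing a prefix of it.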

This document was uploaded on 04/04/2014.
