
University of Washington

Buffer Overflow

Malicious Use of Buffer Overflow

Stack after call to gets()

    void foo(){
        bar();
        ...
    }

    int bar() {
        char buf[64];
        gets(buf);
        ...
        return ...;
    }

[Figure: stack after the call to gets(). foo stack frame with return address A, now B (was A); bar stack frame with data written by gets(): B, pad, exploit code.]

• Input string contains byte representation of executable code
• Overwrite return address A with address of buffer (need to know B)
• When bar() executes ret, will jump to exploit code (instead of A)

Exploits Based on Buffer Overflows

• Buffer overflow bugs allow remote machines to execute arbitrary code on victim machines
• Internet worm
    - Early versions of the finger server (fingerd) used gets() to read the argument sent by the client:
        - finger [email protected]
    - Worm attacked fingerd server by sending phony argument:
        - finger “exploit-code padding new-return-address”
        - exploit code: executed a root shell on the victim machine with a direct TCP connection to the attacker

Avoiding Overflow Vulnerability

    /* Echo Line */
    void echo()
    {
        char buf[4];  /* Way too small! */
        fgets(buf, 4, stdin);
        puts(buf);
    }

• Use library routines that limit string lengths
    - fgets instead of gets (second argument to fgets sets limit)
    - strncpy instead of strcpy
    - Don’t use scanf with %s conversion specification
        - Use fgets to read the string
        - Or use %ns where n is a suitable integer

System-Level Protections

[Figure: memory layout, not drawn to scale. Regions: Stack, Heap, Data, Text; address labels FF, 08, 00.]

• Randomized stack offsets
    - At start of program, allocate random amount of space on stack
    - Makes it difficult for exploit to predict beginning of inserted code
• Use techniques to detect stack corruption
• Nonexecutable code segments
    - Only allow code to execute from “text” sections of memory
    - Do NOT execute code in stack, data, or heap regions
    - Hardware support needed

...
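The "Avoiding Overflow Vulnerability" advice above, as an added C example that is not part of the original slides: the bounded routines have edge cases of their own, since fgets leaves the tail of an over-long line in the stream and strncpy can leave the destination unterminated. The helper names read_line, copy_bounded and sample_input are illustrative, and the input text is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Added example; helper names are illustrative, not from the slides.
 * Read one line into buf (capacity cap), dropping the '\n'. Returns 0 if the
 * line fit, 1 if truncated (the unread tail is discarded), -1 on EOF/error. */
int read_line(FILE *in, char *buf, size_t cap) {
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    /* No newline stored: drain to end of line; any extra byte means truncation. */
    int c, truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

/* strncpy leaves dst unterminated when src has cap or more bytes, so copy
 * at most cap-1 and terminate explicitly. Returns 1 if src was cut short. */
int copy_bounded(char *dst, size_t cap, const char *src) {
    if (cap == 0) return 1;
    strncpy(dst, src, cap - 1);
    dst[cap - 1] = '\0';
    return strlen(src) >= cap;
}

/* Constructed sample input in a temporary file, read like stdin. */
FILE *sample_input(const char *text) {
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(text, f);
        rewind(f);
    }
    return f;
}

int main(void) {
    char buf[8];
    FILE *in = sample_input("short\nthis line is far too long\nnext\n");
    if (in == NULL) return 1;
    for (int rc; (rc = read_line(in, buf, sizeof buf)) >= 0; )
        printf("%-9s %s\n", rc ? "TRUNCATED" : "ok", buf);
    fclose(in);
    return 0;
}
```

Without the drain loop in read_line, the rest of the long line would be returned by the next call as if it were a separate line of input.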