A buffer is a temporary area for data storage. When more data (than was originally allocated to be stored) gets placed by a program or system process, the extra data overflows. It causes some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding.
In a buffer-overflow attack, the extra data sometimes holds specific instructions for actions intended by a hacker or malicious user; for example, the data could trigger a response that damages files, changes data or unveils private information.
Attacker would use a buffer-overflow exploit to take advantage of a program that is waiting on a user’s input. There are two types of buffer overflows: stack-based and heap-based. Heap-based, which are difficult to execute and the least common of the two, attack an application by flooding the memory space reserved for a program. Stack-based buffer overflows, which are more common among attackers, exploit applications and programs by using what is known as a stack: memory space used to store user input.
Let us study some real program examples that show the danger of such situations based on the C.
In the examples, we do not implement any malicious code injection but just to show that the buffer can be overflow. Modern compilers normally provide overflow checking option during the compile/link time but during the run time it is quite difficult to check this problem without any extra protection mechanism such as using exception handling.
Compile this program in Linux and for output use command outpute_file INPUT
Input : 12345678 (8 bytes), the program run smoothly.
Input : 123456789 (9 bytes) "Segmentation fault" message will be displayed and the program terminates.
The vulnerability exists because the buffer could be overflowed if the user input (argv) bigger than 8 bytes. Why 8 bytes? For 32 bit (4 bytes) system, we must fill up a double word (32 bits) memory. Character (char) size is 1 byte, so if we request buffer with 5 bytes, the system will allocate 2 double words (8 bytes). That is why when you input more than 8 bytes; the mybuffer will be over flowed
Similar standard functions that are technically less vulnerable, such as strncpy(), strncat(), and memcpy(), do exist. But the problem with these functions is that it is the programmer responsibility to assert the size of the buffer, not the compiler.
Every C/C++ coder or programmer must know the buffer overflow problem before they do the coding. A lot of bugs generated, in most cases can be exploited as a result of buffer overflow.
This article is contributed by Akash Sharan. If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please write comments if you find anything incorrect, or you want to share more information about the topic discussed above.
Attention reader! Don’t stop learning now. Get hold of all the important DSA concepts with the DSA Self Paced Course at a student-friendly price and become industry ready.
- Heap overflow and Stack overflow
- Z-Buffer or Depth-Buffer method
- Check for integer overflow on multiplication
- Mitigation of SQL Injection Attack using Prepared Statements (Parameterized Queries)
- Path Traversal Attack and Prevention
- Understanding ReDoS Attack
- Ways to place K bishops on an N×N chessboard so that no two attack
- Perform DDoS attack using Torshammer
- Sybil Attack
- Brute Force Attack
- What is a Dictionary Attack?
- Why User's Access is Prone to Attack?
- CRLF Injection Attack
- XML External Entity (XXE) and Billion Laughs attack
- Clearing The Input Buffer In C/C++
- What does buffer flush means in C++ ?
- A-Buffer Method
- Node.js | Buffer.readInt32BE() Method
- Node.js | Buffer.readInt32LE() Method
- Node.js | Buffer.readIntBE() Method