Questions tagged [buffer-overflow]

A buffer overflow occurs when a program writes more data into a buffer than the buffer was allocated to hold, so the excess spills into and overwrites whatever occupies the adjacent memory.

Memory is addressed in bytes. A program stores values of a type singly, in arrays, or in dynamically allocated blocks reached through pointers. Overflows arise when code writes into an array or a pointed-to block without first verifying that the destination has room for everything being written (for C strings, that includes the terminating NUL byte).

char Target[10];
char Input[20];
strcpy(Target, Input); // 1st parameter: destination, 2nd parameter: source

strcpy copies from Input until it finds a NUL terminator and never looks at the size of Target. Target can hold at most 9 characters plus the terminator, so if Input contains a string of 10 or more characters the copy runs past the end of Target and overwrites the adjacent memory, corrupting whatever was stored there. Nothing in this code checks that the source fits the destination.

The consequences range from corrupted data and crashes to, when the overwritten memory holds a return address or a function pointer, execution of attacker-chosen code.
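The following is an added example, not part of the tag wiki above: it places the wiki's unchecked strcpy pattern beside a bounded copy that measures the source first and refuses anything that does not fit, plus a small predicate that says whether a given input would overflow a given buffer. The function names copy_unchecked, copy_bounded and would_overflow and the sample strings are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define TARGET_SIZE 10

/* The wiki's pattern: strcpy stops at the source's NUL terminator and never
 * consults the destination's size. It is only correct while the caller
 * guarantees strlen(Input) < TARGET_SIZE; otherwise it writes past Target. */
void copy_unchecked(char Target[TARGET_SIZE], const char *Input)
{
    strcpy(Target, Input);
}

/* Hardened form: measure first, then copy only if the string plus its
 * terminator fits. Returns 1 on success and 0 if the input was rejected;
 * in both cases Target is left NUL-terminated so a later read cannot run
 * off the end of the buffer. */
int copy_bounded(char *Target, size_t target_size, const char *Input)
{
    size_t len = strlen(Input);
    if (target_size == 0)
        return 0;
    if (len >= target_size) {          /* len + 1 bytes are needed */
        Target[0] = '\0';
        return 0;
    }
    memcpy(Target, Input, len + 1);    /* copies the terminator too */
    return 1;
}

/* Would strcpy'ing Input into a buffer of target_size bytes overflow it? */
int would_overflow(size_t target_size, const char *Input)
{
    return strlen(Input) + 1 > target_size;
}

int main(void)
{
    /* Constructed inputs for the example. */
    const char *fits     = "123456789";            /* 9 chars + NUL = 10 bytes */
    const char *too_long = "12345678901234567890"; /* 20 chars: does not fit Target[10] */
    char Target[TARGET_SIZE];

    /* Safe only because this caller knows the input fits. */
    copy_unchecked(Target, fits);
    printf("unchecked copy of %zu bytes: %s\n", strlen(fits) + 1, Target);

    printf("would \"%s\" overflow Target[%d]? %s\n", too_long, TARGET_SIZE,
           would_overflow(TARGET_SIZE, too_long) ? "yes" : "no");

    if (!copy_bounded(Target, sizeof Target, too_long))
        printf("bounded copy rejected a %zu-byte input (limit %d including NUL)\n",
               strlen(too_long) + 1, TARGET_SIZE);
    return 0;
}
```

The bounded version takes the destination size as an explicit parameter rather than trusting a declared array length, because once the buffer is passed through a pointer the callee has no other way to learn how large it is.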

1308 questions
257 votes, 11 answers

Why is the gets function so dangerous that it should not be used?

When I try to compile C code that uses the gets() function with GCC, I get this warning: (.text+0x34): warning: the `gets' function is dangerous and should not be used. I remember this has something to do with stack protection and security, but…
asked by Vinit Dhatrak (6,034 reputation; badges: 8 gold, 24 silver, 26 bronze)
242 votes, 14 answers

Why does this for loop exit on some platforms and not on others?

I have recently started to learn C and I am taking a class with C as the subject. I'm currently playing around with loops and I'm running into some odd behaviour which I don't know how to explain. #include int main() { int…
asked by JonCav (1,657 reputation; badges: 2 gold, 8 silver, 8 bronze)
149 votes, 5 answers

Why is this code vulnerable to buffer overflow attacks?

int func(char* str) { char buffer[100]; unsigned short len = strlen(str); if(len >= 100) { return (-1); } strncpy(buffer,str,strlen(str)); return 0; } This code is vulnerable to a buffer overflow attack, and I'm…
asked by Jason (1,223 reputation; badges: 2 gold, 9 silver, 5 bronze)
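An added example, not part of the question above, isolating the length check in the question's func(): the length is stored in an unsigned short (16 bits on every mainstream platform) before being compared, so a string of 65536 or more bytes wraps to a small value, passes the check, and the later copy uses the full strlen(str). The block compares that check with a size_t version, gives a hardened rewrite of the function, and builds an oversized test string. The names check_truncated, check_fixed, func_fixed and make_string are assumptions for this example, and the inputs are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The question's check, isolated. The comparison happens on an unsigned
 * short, so the length is reduced modulo 65536 first (assuming a 16-bit
 * unsigned short). Returns 1 if a string of n bytes would be accepted. */
int check_truncated(size_t n)
{
    unsigned short len = (unsigned short)n;
    return !(len >= 100);
}

/* The same check with the length kept in size_t, the type strlen returns. */
int check_fixed(size_t n)
{
    size_t len = n;
    return !(len >= 100);
}

/* Hardened rewrite of func(): size_t length, one measurement reused for both
 * the check and the copy, and an explicit terminator. Returns 0 on success
 * and -1 if the string would not fit. */
int func_fixed(char *buffer, size_t buffer_size, const char *str)
{
    size_t len = strlen(str);
    if (len >= buffer_size)            /* len + 1 bytes are needed */
        return -1;
    memcpy(buffer, str, len);
    buffer[len] = '\0';
    return 0;
}

/* Constructed input: a string of n 'A' bytes. The caller frees it. */
char *make_string(size_t n)
{
    char *s = malloc(n + 1);
    if (!s)
        return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    size_t lengths[] = { 99, 100, 65535, 65536, 65536 + 50 };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        size_t n = lengths[i];
        printf("len %6zu: unsigned short check %s, size_t check %s\n", n,
               check_truncated(n) ? "accepts" : "rejects",
               check_fixed(n) ? "accepts" : "rejects");
    }

    char buffer[100];
    char *big = make_string(65536 + 50);
    if (big) {
        printf("func_fixed on %zu bytes -> %d\n", strlen(big),
               func_fixed(buffer, sizeof buffer, big));
        free(big);
    }
    return 0;
}
```

Even inputs the original check does accept are a problem: strncpy with a count equal to strlen(str) copies no terminator, so a 99-byte string leaves buffer unterminated; the rewrite writes the NUL itself.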
98 votes, 10 answers

Does Java have buffer overflows?

Does Java have buffer overflows? If yes can you give me scenarios?
asked by ecleel (11,218 reputation; badges: 13 gold, 46 silver, 48 bronze)
91 votes, 10 answers

Why should you use strncpy instead of strcpy?

Edit: I've added the source for the example. I came across this example: char source[MAX] = "123456789"; char source1[MAX] = "123456789"; char destination[MAX] = "abcdefg"; char destination1[MAX] = "abcdefg"; char *return_string; int index = 5; /*…
asked by Kredns (34,183 reputation; badges: 49 gold, 147 silver, 200 bronze)
86 votes, 6 answers

How to prevent scanf causing a buffer overflow in C?

I use this code: while ( scanf("%s", buf) == 1 ){ What would be the best way to prevent possible buffer overflow so that it can be passed strings of random lengths? I know I can limit the input string by calling for example: while ( scanf("%20s",…
asked by goe (4,661 reputation; badges: 13 gold, 41 silver, 48 bronze)
77 votes, 6 answers

How to turn off gcc compiler optimization to enable buffer overflow

I'm working on a homework problem that requires disabling compiler optimization protection for it to work. I'm using gcc 4.4.1 on ubuntu linux, but can't figure out which flags are the right ones. I realize it's architecture dependant - my…
asked by sa125 (25,703 reputation; badges: 36 gold, 105 silver, 149 bronze)
69 votes, 10 answers

What is the difference between a stack overflow and buffer overflow?

What is the difference between a stack overflow and a buffer overflow in programming?
asked by joe (31,345 reputation; badges: 29 gold, 92 silver, 134 bronze)
62 votes, 2 answers

How does a NOP sled work?

I can't find a good source that answers this question. I know that a nop sled is a technique used to circumvent stack randomization in a buffer overflow attack, but I can't get my head around how it works. What's a simple example that illustrates…
asked by amorimluc (1,414 reputation; badges: 5 gold, 19 silver, 27 bronze)
46 votes, 7 answers

Buffer overflow works in gdb but not without it

I am on CentOS 6.4 32 bit and am trying to cause a buffer overflow in a program. Within GDB it works. Here is the output: [root@localhost bufferoverflow]# gdb stack GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1) Copyright (C) 2010 Free…
asked by thaweatherman (1,327 reputation; badges: 4 gold, 18 silver, 29 bronze)
45 votes, 1 answer

"xor eax, ebp" being used in C++ compiler output

I just tried compiling a couple of C++ snippets on VS2010 and analyzed the executables on IDA Pro. Something I noticed is that there most of them have something like the following at the start(shortly after a call to __security_check_cookie) xor…
41 votes, 7 answers

Writing Secure C and Secure C Idioms

"The average man does not want to be free. He simply wants to be safe." - H. L. Mencken I am attempting to write very secure C. Below I list some of the techniques I use and ask are they as secure as I think they are. Please do not hesitate to…
asked by Ethan Heilman (14,869 reputation; badges: 10 gold, 58 silver, 88 bronze)
41 votes, 3 answers

Why does this memory address %fs:0x28 ( fs[0x28] ) have a random value?

I've written a piece of C code and I've disassembled it as well as read the registers to understand how the program works in assembly. int test(char *this){ char sum_buf[6]; strncpy(sum_buf,this,32); return 0; } The piece of my code…
asked by Dr.Knowitall (8,594 reputation; badges: 18 gold, 72 silver, 123 bronze)
35 votes, 5 answers

How can I invoke buffer overflow?

I got a homework assignment asking me to invoke a function without explicitly calling it, using buffer overflow. The code is basically this: #include #include void g() { printf("now inside g()!\n"); } void f() { …
asked by sa125 (25,703 reputation; badges: 36 gold, 105 silver, 149 bronze)
31 votes, 12 answers

What is a buffer overflow and how do I cause one?

I have heard about a buffer overflow and I would like to know how to cause one. Can someone show me a small buffer overflow example? New: (And what are they used for?)
asked by H4cKL0rD (4,775 reputation; badges: 15 gold, 47 silver, 72 bronze)