Buffer Overflow

From Guidance Share

Description

A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers.

Applies To

  • Languages: C, C++, Fortran, Assembly
  • Operating platforms: All, although partial preventative measures may be deployed, depending on environment.
  • Note on managed code: Buffer overruns can occur in .NET managed code when calling into native code or if the managed code is marked with the unsafe keyword.

Example

There are many real-world examples of buffer overflows, including in widely deployed applications such as e-mail servers (Sendmail) and web servers (Microsoft IIS). In code, here is a simple, if contrived, example:

#include <string.h>

void example(char *s) {
    char buf[1024];
    strcpy(buf, s);      /* no bounds check: copies until the NUL terminator in s, however far away it is */
}

int main(int argc, char **argv) {
    if (argc < 2)
        return 1;        /* nothing to copy */
    example(argv[1]);
    return 0;
}

Since argv[1] can be of any length and strcpy copies until it reaches the NUL terminator, more than 1024 bytes can be written into the variable buf.

Impact

  • Availability: Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
  • Access control (instruction processing): Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program’s implicit security policy.
  • Other: When the consequence is arbitrary code execution, this can often be used to subvert any other security service.

Vulnerabilities

  • Failure to check buffer boundary on copy
  • Failure to check buffer boundary on concatenation

Countermeasures

  • Pre-design: Use a language or compiler that performs automatic bounds checking.
  • Design: Use an abstraction library to abstract away risky APIs. Not a complete solution.
  • Pre-design through Build: Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Because a canary detects stack corruption after the write has happened rather than providing automatic bounds checking, it is not a complete solution.
  • Implementation: Check buffer boundaries before copy or concatenation.
  • Operational: Use OS-level preventative functionality. Not a complete solution.
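The "Implementation" countermeasure applied to the page's own example, as an added illustration rather than code from Guidance Share: a bounded copy and a bounded concatenation that refuse input which would not fit, plus a bounds-checked counterpart of example(). The helper names (bounded_len, bounded_copy, bounded_concat, example_checked) are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 1024   /* same size as the page's buf[1024] */

/* Length of s, scanning at most max bytes; returns max if no NUL was found. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* Copy src into dst only if it fits, terminator included. On refusal dst is
   left as an empty string instead of a partial, unterminated copy. */
bool bounded_copy(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || dst_size == 0 || src == NULL) return false;
    size_t len = bounded_len(src, dst_size);
    if (len == dst_size) { dst[0] = '\0'; return false; } /* no NUL in range */
    memcpy(dst, src, len + 1);        /* len bytes plus the terminator */
    return true;
}

/* Append src to dst only if the combined string, terminator included, fits. */
bool bounded_concat(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || dst_size == 0 || src == NULL) return false;
    size_t used = bounded_len(dst, dst_size);
    if (used == dst_size) return false; /* dst itself is not terminated */
    size_t room = dst_size - used;      /* bytes left, including the NUL */
    size_t len = bounded_len(src, room);
    if (len == room) return false;      /* src plus NUL does not fit */
    memcpy(dst + used, src, len + 1);
    return true;
}

/* Bounds-checked counterpart of the page's example(): an over-long argument
   is refused rather than written past the end of buf. */
bool example_checked(const char *s) {
    char buf[BUF_SIZE];
    return bounded_copy(buf, sizeof buf, s);
}

int main(int argc, char **argv) {
    if (argc < 2) return 1;
    puts(example_checked(argv[1]) ? "copied" : "refused: input too long");
    return 0;
}
```

The check is done against sizeof the destination, so an input of exactly 1024 bytes is refused because its terminator would be byte 1025.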

Vulnerability Patterns

How Tos