What is buffer overflow or buffer outrun?

What is “Buffer Overflow”?

Buffer overflow, or buffer overrun, is a common software coding mistake that an attacker could exploit to gain access to your system. To effectively mitigate buffer overflow vulnerabilities, it is important to understand what buffer overflows are, what dangers they pose to your applications, and what techniques attackers use to successfully exploit these vulnerabilities.

The actual process, the executable, will be held in memory in a very specific way. And it’s consistent between different processes. So, we have a big block of RAM. We don’t know how big our RAM is because it can be varied, but we use something called Virtual Memory Address Translation to say that everything in here.

0x000 is the bottom of the memory and up here is 0xFFF. So, this is the equivalent of “11111111” memory address all the way up to 32 or 64 bits, and this is 0.

main-memory Now, when you use this, there are certain areas of this memory that are always allocated to certain things. So, up here we have kernel things. So, this will be command line parameters that we can pass to our program and environment variables and so on.

Memory-Division in ram

Down here we have something called the text. That’s the actual code of our program. The machine instructions that we’ve compiled get loaded in there.

Now that’s read-only because we don’t want to be messing about down there. Here we have data. So, uninitialized and initialized variables get held here. And then we have the heap. Now, the heap may have been mentioned from time to time. It’s where you allocate large things in your memory. A big area of memory that you can allocate huge chunks on to do various things. What you do with that is, of course, up to your program.

Then up there, perhaps the most important bit, in some ways anyway, is the stack. Now the stack holds the local variables for each of your functions and when you call a new function.
The heap grows in this direction as you add memory, and the stack grows in this direction.

So how Buffer Overflow might occur?

This is our memory again, nice and big. This is now our stack area. Up there we have the high memory addresses 0xFFF and 0x000 is low. Now, of course, the stack won’t be taking up this whole region but it doesn’t matter.

Example

#include<stdio.h>
#include<string.h>
int main(int argc, char** argv){
	// We are allocating a buffer which is 500 characters long
	char buffer[500];
	strcpy(buffer, argv[1]);
	return 0;
}

So up here we’ve got the main function for C that takes the number of parameters given and a pointer to those variables that you’ve got. And they’ll be held in the kernel area of our memory.
We’ve allocated a buffer that’s 500 characters long and then we call a function called “strcopy” (copy), which will copy our command line parameter from argv into our buffer.
Our function puts on a return address which is replacing the code we need to go back to once we’ve done strcopy. So that’s how main knows where to go after it’s finished.Buffer Overflow in stack And then we put on a reference to the base pointer in our previous function. Then we have our allocated space for our buffer, and it’s 500 long. If we write into it something that’s longer than 500, we’re going to go straight past the buffer (from 0x000 towards 0xFFF), and crucially overwrites our return variable. And that’s where we point back to something we shouldn’t be doing.
If the return address is overwritten with something else then, the control will never be returned to the calling function and you can execute some other thing to gain access to the system or do some other unusual tasks.
That’s why it is so dangerous! I hope you understand the concept, if not please let me know in the comments below.

1 COMMENT

Leave a Reply