In general term, Buffer just a block or portion of memory allocated for data storage of programs such as variables. Stack is another dynamic memory buffer portion used to store data implicitly normally during the run time. Another one is a Heap, also a buffer that can be used to store program data explicitly. Here, a buffer should be a general term used to store program data during program compilation/linking and running. In programming, buffer will be allocated for example by declaring an array variable. Array is used for storing a sequence of data that is C's character and string. In C/C++ programs, array may be declared as follows:
char TestArr[ ]; // one dimensional unsized array of type char.
int TestArr2[10]; // one dimensional array with 10 elements of integer.
long TestArr3[3][4]; // two dimensional array with 12 (3 x 4) elements of long integer.
For procedure or function calls, array elements will be stored in a buffer of the stack statically during compile/link time. During run time, buffer in the stack might be allocated and de-allocated dynamically for the array elements. For the above example, when the size of an array is not verified, it is possible to write outside the allocated buffer. Graphically an array element will be stored in the buffer as shown below by assuming every memory cell is 4 bytes in size and using the little endian:
// in C, for string array, it is NULL ‘\0’ terminated…
char Name[12] = "Mr. Buffer";
int num = 2;
If such an action takes place in memory addresses higher than the allocated buffer, it is called a buffer overflow. A similar problem exists when writing to a buffer in memory addresses below the allocated buffer. In this case, it is called a buffer underflow. A buffer overflow that injects code into a running process is referred to as an exploitable buffer overflow.
A certain class of well documented strings and characters manipulation functions that may be used together with an array variables for their arguments or inputs, such as strcpy(), gets(),scanf(), sprintf(), strcat(), is naturally vulnerable to buffer overflows. Heap also used to store data but the allocation of the heap normally done explicitly using memory management functions such as malloc(), calloc() and free().
A buffer overflow is one of the most common sources of security risk. It is essentially caused by treating unchecked, external input to the running program as trustworthy data. The act of copying this data, using functions such as strcat() and strcpy() for example can create unanticipated results, which allows for system corruption. In the best of cases, your application will abort with a core dump, segmentation fault, or access violation. In the worst of cases, what this paper is going to investigate is an attacker can exploit the buffer overflow by injecting and executing a malicious code in the running process. Copying unchecked input data into a stack based buffer is the most common cause of exploitable faults.
For example, if an access violation occurs in the running process, it may lead to a denial of service attack against the application, or in the worst case, allow attackers to inject executable code into your process to spawn a shell or to escalate the privilege to Administrator or root locally or remotely. Buffer overflow can occur in a variety of ways. Let's have a look on the Table:
This was only the introduction of buffer overflows. We'll do practical soon.
