Buffer overflow

From ArticleWorld


A buffer overflow is a situation where a process tries to store more data in a buffer than the buffer can hold. It happens because a buffer is allocated a fixed quantity of memory, and the data the process tries to store exceeds that quantity. If nothing enforces the boundaries of the buffer, the process ends up overwriting memory locations adjacent to it. This is sometimes harmless, but those locations often hold data the program actually relies on, such as variables or other buffers.

Buffer overflows are often exploited by attackers, because when one occurs the process may behave erratically. Many times the process will simply crash, but it can sometimes produce results that are useful to the attacker in some way.

A quick example

Let's consider a process that allocates a buffer of six characters. The memory looks roughly like this:

[ ][ ][ ]['B']['U']['F']['F']['E']['R'][ ][ ][ ][ ]

If the process now tries to store a longer string (say, "BUFFERS") in that buffer, it will overwrite the memory location that follows the buffer. This may cause the process to return bad results.

An easy C example is this:

#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
  char abuffer[12];           /* room for 11 characters plus the terminating NUL */

  if (argc < 2) {             /* guard against a missing argument (argv[1] would be NULL) */
    fprintf(stderr, "usage: %s <string>\n", argv[0]);
    return 1;
  }
  strcpy(abuffer, argv[1]);   /* unbounded copy: anything longer than 11 characters overflows */
  return 0;
}

Running the program with a string of 11 characters or less produces no bad output. However, if more than 11 characters are used, and the host operating system provides no protection against buffer overflows, the program will crash.
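A bounds-checked version of the same program, added here as an example (it is not from the original article): the unbounded strcpy is replaced by a copy that never writes more than the buffer's size and reports whether the input fit. The buffer size and name are taken from the snippet above; copy_bounded and store_argument are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 12  /* same size as abuffer in the article's example */

/* Bounded replacement for strcpy(dst, src): writes at most n-1 bytes of
 * src into dst and always NUL-terminates. Returns 1 if the whole string
 * fit, 0 if it had to be truncated (i.e. an unbounded strcpy would have
 * overflowed dst). */
int copy_bounded(char *dst, size_t n, const char *src)
{
    size_t len = strlen(src);
    if (n == 0)
        return 0;
    if (len >= n) {                 /* len characters plus the NUL do not fit */
        memcpy(dst, src, n - 1);
        dst[n - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, len + 1);      /* copy the string and its NUL */
    return 1;
}

/* Mirrors the structure of the original: a fixed stack buffer filled
 * from a command-line argument, but with the copy bounded. */
int store_argument(const char *arg)
{
    char abuffer[BUF_LEN];
    int fit = copy_bounded(abuffer, sizeof abuffer, arg);
    printf("%s: \"%s\"\n", fit ? "stored" : "truncated", abuffer);
    return fit;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    return store_argument(argv[1]) ? 0 : 2;
}
```

With an input of 12 or more characters the program now prints a truncated string and exits with status 2 instead of overwriting adjacent memory.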

Exploits

Malicious users often use buffer overflows in their attacks. They do so because they can manipulate a variable adjacent to the buffer in memory, which can influence the program's flow or its results. Another case is when the overflow takes place on the stack: there they can manipulate where a function returns to, effectively changing the flow of the process without changing any value in the program itself.

Considerable effort is therefore spent protecting programs from such exploits. C and C++, which are among the most popular programming languages in the world, provide no buffer overflow protection themselves, which has led to many problems. However, many newer compilers are able to deal with many of these problems. Other languages directly implement overflow protection schemes. Some operating systems take direct measures, some of them even radical: OpenBSD re-implements some of the standard library functions, and adds others, that are more secure against buffer overflows. Some operating systems also choose to protect executable memory by ensuring that a page is either writable or executable, but not both at once (like the W^X scheme in OpenBSD or the PaX patch for Linux).