CS 241 Data Organization Buffer Overflows December 4, 2018 The - - PowerPoint PPT Presentation



SLIDE 1

CS 241 Data Organization Buffer Overflows

December 4, 2018

SLIDE 2

The Problem

SLIDE 3

Exploitation

  • Use large strings (or other datatypes) to overflow a buffer
  • Craft input to make the server do whatever you want
  • Easy to crash a program
  • Harder to “program the program”!
SLIDE 4

C call stack


SLIDE 5

Stack Frame

Stack

SLIDE 6

Smashing the Stack for Fun and Profit

  • Idea: Overflow a buffer to overwrite the return address
  • When the function is done, it’ll jump to that address.
  • Put some code in a buffer and set the return address to point to it.
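To see the slide's idea from the defender's side, here is an added example (it is not from the lecture slides): a function that copies caller input into a fixed-size stack buffer with strcpy, next to a bounded copy that refuses input that would not fit. The function names, the 16-byte buffer and the sample inputs are my own choices.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 16   /* hypothetical buffer size chosen for the example */

/* VULNERABLE pattern from the slide: strcpy copies until it finds the NUL in
 * src and never looks at the size of name[]. Input of 16 or more bytes writes
 * past the end of the buffer into whatever sits above it in the stack frame,
 * which is how the saved return address gets overwritten. */
void greet_unchecked(const char *src)
{
    char name[NAME_LEN];
    strcpy(name, src);          /* the bug: no bound on the copy */
    printf("hello, %s\n", name);
}

/* HARDENED: copy src into dst only if it fits, NUL terminator included.
 * memchr bounds the scan, so src is never read beyond dst_len bytes.
 * Returns 0 on success, -1 if src is too long (dst is left untouched). */
int copy_checked(char *dst, size_t dst_len, const char *src)
{
    const char *nul = memchr(src, '\0', dst_len);
    if (nul == NULL)            /* no NUL within dst_len bytes: does not fit */
        return -1;
    memcpy(dst, src, (size_t)(nul - src) + 1);  /* +1 copies the NUL */
    return 0;
}

void greet_checked(const char *src)
{
    char name[NAME_LEN];
    if (copy_checked(name, sizeof name, src) != 0) {
        fprintf(stderr, "name too long (max %d bytes)\n", NAME_LEN - 1);
        return;
    }
    printf("hello, %s\n", name);
}

int main(void)
{
    /* constructed inputs: 15 bytes fit in a 16-byte buffer, 16 do not */
    greet_checked("short name");
    greet_checked("123456789012345");
    greet_checked("1234567890123456");   /* rejected instead of overrunning name[] */
    return 0;
}
```

The check rejects oversized input rather than truncating it, because silent truncation (the strncpy habit) can leave an unterminated string behind and hides the fact that the caller sent something the program never expected.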

SLIDE 7

Issues

  • How do we know what value the pointer should have?
  • How do we build a “small program” and stuff it into a buffer?

SLIDE 8

Demo


SLIDE 9

NOP slide

  • Most CPUs have a No-Operation instruction: it does nothing but advance the instruction pointer.
  • Usually we can put a bunch of these ahead of our program (in the string).
  • As long as the new return address points to a NOP we are OK.

SLIDE 10

Other C security issues

  • Buffer overflow is just the most common programming problem exploited.
  • Integer arithmetic can also be a problem!
  • foo = malloc(num * sizeof(struct blah));
  • What if num is 2^32 − 1? What if num is -1?
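The allocation on this slide, worked through as an added example (not from the lecture): a helper that shows how num * sizeof(struct blah) wraps when size_t is 32 bits wide, and a checked version that rejects a negative count or a product that would overflow before it ever calls malloc. The fields of struct blah and the function names are my own choices.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Constructed layout so that sizeof(struct blah) is 32 on common ABIs. */
struct blah {
    uint32_t id;
    char tag[28];
};

/* Simulates the slide's num * sizeof(struct blah) on a platform where size_t
 * is 32 bits: the product is reduced modulo 2^32. For num = 2^30 + 1 the true
 * product is 2^35 + 32, which wraps to just 32 bytes, so malloc hands back
 * room for one element while the caller believes it has over a billion. */
uint32_t bytes_wrapped_32(uint32_t num)
{
    return num * (uint32_t)sizeof(struct blah);   /* unsigned wraparound */
}

/* Checked size computation. Rejects a negative count (which the unchecked
 * expression would silently convert to a huge size_t: -1 becomes SIZE_MAX)
 * and a product that would not fit in size_t. Returns 0 and stores the byte
 * count in *out on success, -1 otherwise. */
int alloc_size_checked(long long num, size_t elem_size, size_t *out)
{
    if (num < 0 || elem_size == 0)
        return -1;
    if ((size_t)num > SIZE_MAX / elem_size)   /* num * elem_size would wrap */
        return -1;
    *out = (size_t)num * elem_size;
    return 0;
}

/* Safe replacement for the slide's foo = malloc(num * sizeof(struct blah)).
 * Also checks malloc's return value, as the summary slide recommends. */
struct blah *alloc_blahs(long long num)
{
    size_t bytes;
    if (alloc_size_checked(num, sizeof(struct blah), &bytes) != 0)
        return NULL;
    struct blah *foo = malloc(bytes);
    if (foo == NULL)
        return NULL;
    return foo;
}

int main(void)
{
    printf("32-bit wrap for num = 2^30+1: %u bytes\n",
           (unsigned)bytes_wrapped_32(0x40000001u));
    struct blah *ok = alloc_blahs(4);
    printf("alloc_blahs(4): %s\n", ok ? "allocated" : "rejected");
    free(ok);
    printf("alloc_blahs(-1): %s\n", alloc_blahs(-1) ? "allocated" : "rejected");
    return 0;
}
```

The division-based check is the portable way to test for multiplication overflow in C; it works for any size_t width, so the same code is correct on the 32-bit platform the slide has in mind and on 64-bit systems.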
SLIDE 11

Summary

  • C is hard.
  • Don’t use strcpy on user input.
  • Check return value on library calls.