What is a buffer overflow and how do I cause one?

Posted 2019-01-07 09:01

I have heard about a buffer overflow and I would like to know how to cause one.

Can someone show me a small buffer overflow example? New(And what they are used for?)

11 answers
看我几分像从前
#2 · 2019-01-07 09:20

If you want to check your program for buffer overflows, you could run it with tools like Valgrind. They will find some memory management bugs for you.

看我几分像从前
#3 · 2019-01-07 09:23

In this context, a buffer is a portion of memory set aside for a particular purpose, and a buffer overflow is what happens when a write operation into the buffer keeps going past the end (writing into memory which has a different purpose). This is always a bug.

A buffer overflow attack is one which uses this bug to accomplish something that the program's author didn't intend to be possible.

聊天终结者
#4 · 2019-01-07 09:26

In addition to what has already been said, keep in mind that your program may or may not "crash" when a buffer overflow occurs. It should crash, and you should hope it does - but if the buffer overflow "overflows" into another address that your application has also allocated - your application may appear to operate normally for a longer period of time.

If you are using a later edition of Microsoft Visual Studio - I would suggest using the new secure counterparts in the stdlib, such as sprintf_s instead of sprintf, etc.

狗以群分
#5 · 2019-01-07 09:26

The "classic" buffer overflow example is:

#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[10];
    /* No length check: an argument longer than 9 characters overflows buffer. */
    strcpy(buffer, argv[1]);
}

That lets you play with the buffer overflow parameters and tweak them to your heart's content. The book "Hacking - The Art of Exploitation" (Link goes to Amazon) goes into great detail about how to play around with buffer overflows (purely as an intellectual exercise obviously).

啃猪蹄的小仙女
#6 · 2019-01-07 09:26

This is a general comment about the answers you received. For example:

#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[10];
    /* No length check: an argument longer than 9 characters overflows buffer. */
    strcpy(buffer, argv[1]);
}

And:

#include <string.h>

int main(int argc, const char* argv[])
{
    char buf[10];
    /* Writes 11 bytes into a 10-byte buffer: one byte past the end. */
    memset(buf, 0, 11);
    return 0;
}

On modern Linux platforms, this may not work as expected or intended. It may not work because of the FORTIFY_SOURCE security feature.

FORTIFY_SOURCE uses "safer" variants of high risk functions like memcpy and strcpy. The compiler uses the safer variants when it can deduce the destination buffer size. If the copy would exceed the destination buffer size, then the program calls abort().

To disable FORTIFY_SOURCE for your testing, you should compile the program with -U_FORTIFY_SOURCE or -D_FORTIFY_SOURCE=0.

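The check described in the answer above, as an added C example that is not part of the original answers: a hypothetical `checked_strcpy` helper compares the bytes a copy needs against the known destination size and refuses an oversized copy. It returns -1 where the fortified variant would call abort(); the helper names, guard bytes and sample input are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper modelled on the check described above: the destination
 * size is known, and a copy that would exceed it is refused. The fortified
 * libc variant calls abort(); this sketch returns -1 so callers can react. */
static int checked_strcpy(char *dst, size_t dst_size, const char *src)
{
    size_t need;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    need = strlen(src) + 1;      /* bytes strcpy would write, including NUL */
    if (need > dst_size) {
        dst[0] = '\0';           /* leave a valid empty string, write nothing else */
        return -1;
    }
    memcpy(dst, src, need);
    return 0;
}

/* Valid only when dst is a true array, so sizeof yields its capacity. */
#define CHECKED_STRCPY(dst, src) checked_strcpy((dst), sizeof(dst), (src))

/* Copies input into a 10-byte buffer like the one in the answers. The guard
 * bytes placed after it let the caller confirm nothing past the end changed. */
static int copy_into_ten(const char *input, int *guard_intact)
{
    struct { char buffer[10]; unsigned char guard[4]; } frame;
    int rc;

    memset(frame.guard, 0xA5, sizeof frame.guard);
    rc = CHECKED_STRCPY(frame.buffer, input);
    *guard_intact = memcmp(frame.guard, "\xA5\xA5\xA5\xA5", 4) == 0;
    return rc;
}

int main(int argc, char *argv[])
{
    int intact;
    const char *input = argc > 1 ? argv[1] : "constructed-sample-input";
    int rc = copy_into_ten(input, &intact);

    printf("%s (guard %s)\n", rc == 0 ? "copied" : "rejected: would overflow",
           intact ? "intact" : "damaged");
    return rc == 0 ? 0 : 1;
}
```

The macro form only works on real arrays; passing a pointer would make `sizeof` report the pointer size, so pointer destinations need the explicit-size call.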
放荡不羁爱自由
#7 · 2019-01-07 09:29

A buffer overflow is just writing past the end of a buffer:

#include <string.h>

int main(int argc, const char* argv[])
{
    char buf[10];
    /* Writes 11 bytes into a 10-byte buffer: one byte past the end. */
    memset(buf, 0, 11);
    return 0;
}