Welcome back. In
this series of lessons, we're examining how and
why to detect and avoid, buffer and numerical
overflows in your code. Let's get started.
In this section, rather in this lesson, we'll be dealing with overflows. String overflows where buffers are overflowed and you
go beyond the end, or numeric overflows where numbers are too big or too small, and as a result, the overflow storage that
they're allocated, and so read is something else. The next slide shows
the goals of this section. We're going to start
with buffer overflows, and there are a number
of different names that these attacks are known of. The oldest and the original one
is Smashing the Stack. Then you have Lib C. I'm sorry returned of
Lib C or architects, and then you have
return-oriented programming. We'll talk about all of these, we will also talk about database buffer overflows
where you tamper with the data rather than
injecting code, or manipulating
the flow of control, and also we'll look for ways
to avoid buffer overflows, and when you can't avoid them
to detect their happening. The next slide talks
about some of the uses of buffer overflows. Traditionally it's
the technique to have your code executed by
a running program. Now it may not be code you wrote, maybe code that's already
loaded in memory, and you're just executing it in an order that is unexpected. But it has a lot of other uses. You can overflow data
in the data area, overflow buffering
the data area to change variable values and cause the program to act
differently than it should. You can overflow the heap, and in the heap are
function pointers and allocated storage
or replaced. So you can change those pointers. You can also execute code, and store in
environment variables which we talked about earlier. That's not fundamentally
different, but on many systems
the environment variables are stored way down on the stack. So if you can trigger
a jump to where that environment variable
value is stored, you'll be able to execute
whatever is in it.