With buffer overflows, there are certain key ideas that we want to know. The first one is when you're loading data into an array, string, or buffer. Check the length, be sure it's not going to cause an overflow. And look for functions that manipulate arrays, but don't check lengths. And we mentioned this earlier when we were talking about functions that stopped on terminating characters. Tempting, but those don't check length. They just look for the terminator. And if the terminator occurs after the end of the buffer because the string is too long, you're still going to get overflow. Also, look at other problems. Are you calling functions that do this buffer manipulation with sane values? Like if you call it with a negative number, should you be calling it with a negative number?

Now there are a couple of tricks compilers can use for this. The first one is done at the kernel level, that's address space layout randomization. That's good, if that can be turned on, you should. The other thing is, when you compile, many compilers will allow you to say do not execute any code on stack. And the GNU compiler, for example, there's a special flag to allow this. That'll stop one type of buffer overflow attack when you're executing on stack. What's critical to understand though is that doesn't stop an arc attack and it doesn't stop a return-oriented programming attack, because those do not execute on stack, they execute in regular system space. So be careful.

With numeric overflows, again, these people for some reason get the impression of, well, it's not that serious. It can be just as serious as our string buffer overflow. Truncation changes numbers. If you're going from say 32 bits to 8 bits, you're going to lose the high order 24 bits. Is that acceptable? Wrapping around can do this, too. There was a very famous incident with a voting machine that was being tested where they didn't allocate enough space for the number of voters that they're doing the testing. And so it showed that negative five voters voted. What it really should have said was 261 had voted. But what happened was, the number of voters allowed was one byte long, and it overflowed, and there was no check.

These can also contribute to buffer overflows, by the way. And we talked about this earlier when we talked a little bit about failure to check ranges. But also the sign punning. Going from the signed to unsigned and vice versa can cause problems as well.
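The checks described in this lecture, written out in C as an added example that is not part of the lecture itself. The function names, `BUF_SIZE`, and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* hypothetical fixed-size destination buffer */

/* Copy src_len bytes into dst, where the length arrives as a signed int
   (for example, parsed from an input field). Returns 0 on success, -1 if
   the length is rejected. */
int checked_copy(char dst[BUF_SIZE], const char *src, int src_len) {
    if (src == NULL || src_len < 0)    /* a negative length is not a sane value */
        return -1;
    if ((size_t)src_len >= BUF_SIZE)   /* keep one byte for the terminator */
        return -1;
    memcpy(dst, src, (size_t)src_len);
    dst[src_len] = '\0';
    return 0;
}

/* What an unchecked signed-to-unsigned conversion does to a length. */
size_t length_as_size(int len) { return (size_t)len; }

/* What an unchecked 32-bit to 8-bit conversion does: the high-order
   24 bits are discarded. */
uint8_t unchecked_narrow(uint32_t value) { return (uint8_t)value; }

/* Narrow only when the value fits; otherwise report the range error. */
int narrow_to_u8(uint32_t value, uint8_t *out) {
    if (value > UINT8_MAX)
        return -1;
    *out = (uint8_t)value;
    return 0;
}

int main(void) {
    char buf[BUF_SIZE];
    uint8_t counter = 0;
    /* Constructed sample values, chosen only to show each failure mode. */
    printf("copy with length -1 : %d\n", checked_copy(buf, "hello", -1));
    printf("-1 seen as size_t   : %zu\n", length_as_size(-1));
    printf("0x12345678 as 8 bits: 0x%02x\n", (unsigned)unchecked_narrow(0x12345678u));
    printf("300 into one byte   : %d\n", narrow_to_u8(300u, &counter));
    return 0;
}
```
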