Lesson 10

Date: 4/2/2014
Basics of Linux Security
Linux for Engineering and IT Applications


Stack overflow example


  • A buffer overflow is the result of stuffing more data into a buffer than it can handle.
  • In the example, the program has a function with a typical buffer overflow coding error.
  • Dangerous functions for stack overflow (don't check the string boundaries): strcat(), strcpy(), sprintf(), vsprintf(), gets(), scanf().

  • To exploit such flaw, an attacker would need to give a specially crafted encoded input. It can be done localy by using a rootkit or over a network by sending a packet with improperly advertised lengths.
  • 
    #include <string.h>
    
    void function(char *str) {
    
    char buffer[16];
    
    strcpy(buffer,str);
    }
    
    
    int main() {
    char large_string[256];
    int i;
    
    for( i = 0; i < 255; i++)
    large_string[i] = 'A';
    
    function(large_string);
    }
    
    



    Take me to the Course Website