Buffer overflows

 

Buffer overflows

Buffer is a fixed storage space

Buffer space is used to store a data for example: Suppose you added 2 numbers 5+6=11 now you if you want to multiple the output of this two numbers then you need to store this number in a buffer so 11 will be store in buffer and then in next step we will multiple 11 with a new number.

As we know buffer has a fix size so if we will try to store a values whose size is more than buffer size then it may create big issue.

Type of buffer overflow:

1. Stack overflow attack

2. Heap overflow attack

3. Integer overflow attack

4. Unicode overflow

Buffer overflow issue can be seen in C and C++ programming

There is few function like Scanf, gets Printf, Sprintf, Strcat, Strcpy etc which can lead to a buffer overflow.

Lets take an example of buffer over flow, we will assume it is Last in first out

Main(int argc, Char *argv[])

{

   func(argv[1]);

       {

          Char buffer [10];

          Strcpy(buffer, v);

       }

}

The strcpy() function in the above example copies the command arguments into the destination buffer variable without checking the string length

 

We will enter value “AAAAAAAAAAAAAAAAAAA”

Here we enter values more than the size 10, now how program run:

Fun()

Buffer[10]

return address

main()

local variables

 

 

Here value will store in buffer memory but if value is more than 10 then it will store in return address and it will return wrong value