Buffer Overflow - “Data Gone Wild” – CS0


Background

Summary:

Buffer overflow occurs when data is input or written beyond the allocated bounds of an object, causing a program crash or creating a vulnerability that attackers might exploit.

Description:

A buffer overflow occurs when data is written beyond the boundaries of a fixed-length buffer, overwriting adjacent memory locations, which may include other buffers, variables and program flow data. Considered the “nuclear bomb” of the software industry, the buffer overflow is one of the most persistent security vulnerabilities and one of the most frequently used attacks.

Risk: How Can it Happen?

Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code. C++ is particularly vulnerable to buffer overflow. However, Java is designed to avoid the buffer overflow by checking the bounds of a buffer (like an array) and preventing any access beyond those bounds. Even though Java may prevent a buffer overflow from becoming a security issue, it is essential for all programmers to understand the concepts described below.

Example of Occurrence:

Buffer overflow vulnerabilities were exploited by the first major attack on the Internet. Known as the Morris worm, this attack infected more than 60,000 machines and shut down much of the Internet for several days in 1988.

Carolyn Duffy Marsan, Morris Worm Turns 20: Look what it’s Done, Network World, October 30, 2008 http://www.techworld.com.au/article/265692/morris_worm_turns_20_look_what_it_done/

Example in Code:

public class Overflow
{
  public static void main(String[] args)
  {
    int importantData = 1;
    int[] buffer = new int[10];

    for (int i = 0; i < 15; i++)
      buffer[i] = 7;  // i runs past the last valid index (9) of buffer

    System.out.println("after buffer overflow ");
    System.out.println("Important data  = " + importantData);
  }
}

In the code above, buffer has 10 elements but the loop attempts to write 15 elements, which can result in a buffer overflow in many languages. In Java, the code results in an ArrayIndexOutOfBoundsException:

Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 10
        at Overflow.main(Overflow.java:9)

An ‘exception’ is an abnormal condition in the execution of code. The ArrayIndexOutOfBoundsException shows that the index used to access the array is not within the valid range. Exceptions like this need to be avoided or handled in code so the code execution does not stop (like it did in the example above).

Code Responsibly – How Can I Avoid Buffer Overflow?

Make sure you have enough space: Before copying data to a fixed size block, make sure it is large enough to hold the data that you are going to copy. If it is not large enough, do not copy more data than your available space can hold. If your program is not able to continue properly after filling the available space, you may have to find some way to recover from the error.

Validate indices: If you have an integer variable, verify that it is within the proper bounds before you use it as an index to an array. This validation is particularly important for any values that might have been provided as user input or other untrusted input, such as information that might be read from a file or from a network connection.
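The two rules above, sketched as an added example that is not part of the original lab handout. The helper names copyBounded and isLegalIndex are hypothetical, and the input arrays are constructed for illustration.

```java
import java.util.Arrays;

public class BoundsDemo
{
  // "Make sure you have enough space": copy no more than dest can hold
  // and report how many values were actually copied.
  static int copyBounded(int[] src, int[] dest)
  {
    int n = Math.min(src.length, dest.length);
    for (int i = 0; i < n; i++)
      dest[i] = src[i];
    return n;
  }

  // "Validate indices": the legal range for an array of size n is 0 <= i < n.
  static boolean isLegalIndex(int[] data, int index)
  {
    return index >= 0 && index < data.length;
  }

  public static void main(String[] args)
  {
    int[] buffer = new int[10];
    int[] incoming = new int[15];           // constructed input, larger than buffer
    Arrays.fill(incoming, 7);

    // The caller learns that data was left out and can recover from it.
    int copied = copyBounded(incoming, buffer);
    if (copied < incoming.length)
      System.out.println("Warning: only " + copied + " of "
                         + incoming.length + " values fit in the buffer");

    int[] untrustedIndices = { 3, 10, -1 }; // constructed, stands in for user input
    for (int index : untrustedIndices)
    {
      if (isLegalIndex(buffer, index))
        System.out.println("buffer[" + index + "] = " + buffer[index]);
      else
        System.out.println("Rejected index " + index
                           + " (legal range is 0 to " + (buffer.length - 1) + ")");
    }
  }
}
```

Checking the index before the access means the program decides what happens to bad input, instead of stopping with an ArrayIndexOutOfBoundsException.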

Lab Assignment

Program 1

import java.util.Scanner;
public class Overflow2
{
  public static void main(String[] args)
  {
    int[] tests = new int[10];
    int test;
    int count;
    Scanner scan = new Scanner(System.in);

    System.out.print("How many numbers? ");
    count = scan.nextInt();
    for (int i = 0; i < count; i++)
    {
      System.out.print("Please type a number: ");
      test = scan.nextInt();
      tests[i] = test;
    }
  }
}


Lab Questions:

  1. Type* the example in code from the Background section above. Compile and run.
  2. What happened? Why? Fix the error and run again.
  3. Type* Program 1 and compile.
  4. Complete the security checklist for this program (print the checklist).
  5. The V indicates where the potential buffer overflow could occur. How could we prevent this?
  6. Revise the program to eliminate potential buffer overflow problems.
  7. Turn in program (marked after completing checklist), output, and questions.

*Copying and pasting programs may result in syntax errors and other inconsistencies. It is recommended you type each program.


Security Checklist


Vulnerability: Buffer Overflow    Course: CS0

Task – Check each line of code    Completed

1. Finding Arrays:
1.1 Underline each array declaration.
1.2 For each array, underline all subsequent references.
2. Index Variables – legal range for an array of size n is 0 <= i < n
2.1 For each underlined access that uses a variable as an index, write the legal range next to it.
2.2 For each index marked in 2.1, underline all occurrences of that variable.
2.3 Circle any assignments, inputs or operations that may modify these index variables.
2.4 Mark with a V any array that is indexed by a circled index variable.

Highlighted areas indicate a buffer overflow vulnerability.
  

Discussion Questions

  1. Describe the buffer overflow problem.
  2. How could you prevent a buffer overflow from occurring in your program?

Further Work (optional – check with your instructor if you need to answer the following questions)

  1. Give three real life examples of buffer overflow attacks (research on the web).
  2. What can result from a buffer overflow?
  3. Provide three different examples of code that contains buffer overflows.




 
Copyright © Towson University