Buffer Overflow – “Data Gone Wild” – CS0
Buffer overflow occurs when data is input or written beyond the allocated bounds of an object, causing a program crash or creating a vulnerability that attackers might exploit.
A buffer overflow occurs when data is written beyond the boundaries of a fixed length buffer overwriting adjacent memory locations which may include other buffers, variables and program flow data. Considered the “nuclear bomb” of the software industry, the buffer overflow is one of the most persistent security vulnerabilities and frequently used attacks.
Video by Lydia Spurrier and Miya Dubler.
Risk: How Can It Happen?
Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code. C++ is particularly vulnerable to buffer overflow.
Example of Occurrence:
Buffer overflow vulnerabilities were exploited by the the first major attack on the Internet. known as the Morris worm, this attack infected more than 60,000 machines and shut down much of the Internet for several days in 1988. Carolyn Duffy Marsan Morris Worm Turns 20: Look what it’s Done Network World, October 30, 2008 http://www.networkworld.com/news/2008/103008-morris-worm.html?page=1
Example in Code:
integer importantData = 1; integer buffer; for (integer i = 0; i <= 15; i = i + 1) buffer[i] = 7; Display "after buffer overflow: importantData = " importantData
In the code above, buffer has 10 elements but the loop attempts to writes through 15 elements, which causes a buffer overflow. Some languages, such as Java, will discover the overflow and throw an exception. Other languages, such as C/C++, may write over importantData.
Code Responsibly-- How Can I Avoid Buffer Overflow?
Make sure you have enough space: Before copying data to a fixed size block, make sure it is large enough to hold the data that you are going to copy. If it is not large enough, do not copy more data than your available space can hold. If your program is not able to continue properly after filling the available space, you may have to find some way to recover from the error.
Validate indices: If you have an integer variable, verify that it is within the proper bounds before you use it as an index to an array. This validation is particularly important for any values that might have been provided as user input or other untrusted input, such as information that might be read from a file or from a network connection.
integer tests; integer test; integer count; Display "How many numbers? " Input count for (integer i = 0; i < count; i = i + 1) begin Display "Please type a number: "; Input test; tests[i]= test; end
- Type* the example in code from the Background section above. Trace.
- What happened? Why? Fix the error and trace again.
- Type* Program 1 and trace
- Complete the security checklist for this program (print the checklist)
- The V indicates where the potential buffer could occur. How could we prevent this?
- Revise the program to eliminate potential buffer overflow problems.
- Turn in program (marked after completing checklist), output, and questions
*Copying and pasting programs may result in syntax errors and other inconsistencies. It is recommended you type each program.
|Vulnerability:Buffer Overflow Course: CS0|
|Task - Check each line of code||Completed|
|1. Finding Arrays:|
|1.1 Underline each array declaration|
|1.2 For each array, underline all subsequent references|
|2. Index Variables – legal range for an array of size n is 0 <= i < n|
|2.1 For each underlined access that uses a variable as an index, write the legal range next to it.|
|2.2 For each index marked in 2.1, underline all occurrences of that variable.|
|2.3. Circle any assignments, inputs or operations that may modify these index variables.|
|2.4. Mark with a V any array that is indexed by a circled index variable.|
|Highlighted areas indicate a buffer overflow vulnerability.|
- Describe the buffer overflow problem.
- How could you prevent a buffer overflow from occurring in your program?
Further Work (optional - check with your instructor if you need to answer the following questions)
- Give three real life examples of buffer overflow attacks (research on the web).
- What can result from a buffer overflow?
- Provide three different examples of code that contains buffer overflows.