Buffer Overflow Exploits
CS-480b Dick Steflik
• Anytime we pu
structure than it
Side Effects
• The side effects of a buffer overflow may cause:
• the program may work strangely
• the program may fail
• the program may continue without any noticeable problems
• What data e
that gets ove
/errun a statIc butte
hurts Fhe) na tle to
control |
strcpy()
if you know the size of the destination buffer:
if (strlen(src) >= dst_size) { /* throw an error */ } else { strcpy(dst, src); }
or
strncpy(dst, src, dst_size - 1);
dst[dst_size - 1] = '\0'; /* just to be safe */
or
/* allocate the destination buffer when you need it */
dst = (char *)malloc(strlen(src) + 1);
strcpy(dst, src);
strcat()
/* same as strcpy() but concatenates source string to end of a buffer */
/* safer alternative is to use strncat(); still need to ensure you don't */
/* overrun the destination buffer */
strncat(dst, src, dst_size - strlen(dst) - 1);
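The strcpy() and strcat() alternatives above, gathered into helpers that report truncation. This is an added example, not code from the original slides; the function names are hypothetical. It also covers a case the one-line strncat() call does not: if dst is not terminated inside its buffer, dst_size - strlen(dst) - 1 wraps around to a huge size_t.

```c
#include <stdio.h>
#include <string.h>

/* Reject instead of overflow: 0 on success, -1 if src does not fit. */
int checked_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    if (strlen(src) >= dst_size) {      /* no room for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    strcpy(dst, src);                   /* safe: length was checked above */
    return 0;
}

/* Truncate instead of overflow: 1 if src was cut short, 0 if it fit. */
int truncating_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';           /* strncpy() adds no NUL when src is too long */
    return strlen(src) >= dst_size;
}

/* Bounded append: 1 if src was cut short, 0 if it fit, -1 on bad input. */
int truncating_cat(char *dst, size_t dst_size, const char *src)
{
    const char *end;
    size_t room;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    end = memchr(dst, '\0', dst_size);  /* strlen() could run past the buffer */
    if (end == NULL)                    /* unterminated dst: size math would wrap */
        return -1;
    room = dst_size - (size_t)(end - dst) - 1;
    strncat(dst, src, room);            /* writes at most room bytes plus a NUL */
    return strlen(src) > room;
}

int main(void)
{
    char buf[8];                        /* constructed sample buffer */
    printf("%d\n", checked_copy(buf, sizeof buf, "toolongvalue"));
    printf("%d %s\n", truncating_copy(buf, sizeof buf, "abc"), buf);
    printf("%d %s\n", truncating_cat(buf, sizeof buf, "defghij"), buf);
    return 0;
}
```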
re is no really portable way aro , sometimes a snprintf()
provided that lets you … characters to copy:
in(int argc, char **arg
usage[1024];
on main(int cliolor or
-_ Char iO =
erence printf("%s\
gets()
strcpy()
strcat()
sprintf()
scanf()
sscanf()
fscanf()
vfscanf()
vsscanf()
streadd()
strecpy()
functions to be wary of:
strtrns() realpath()
syslog() getopt()
getopt_long() getpass()
getchar() fgetc()
getc()
read()
bcopy()
fgets() memcpy() snprintf() strccpy() strcadd() strncpy() vsnprintf()
heap overflows
stack overflows