Buffer Attacks - What they are and how we avoid them.

By James R. Twine (Copyright 2003, James R. Twine)

What are Buffer Attacks?

A Buffer Attack is an attack in which a specially crafted piece of input causes specific data to be written before (underrun) or after (overrun) an incorrectly manipulated buffer in a target application. The results of this attack vary, but the attack can be designed to simply crash the target application, cause it to operate incorrectly, or, in the worst case, cause different and often malicious code to be executed.

Buffer Attacks usually target string buffers, and they are most effective on stack-based buffers. This is generally easy because proper string buffer manipulation is tedious. As a result, developers often get lazy and do things like using the strcpy(...) function where they should have been using the strncpy(...) function. The fact that strings often require a NUL terminator (and thus an extra byte of space) only complicates things.

The following articles show the methods that we use to help prevent our code from being vulnerable to these kinds of attacks:

- Using the n-versions of string manipulation functions
- Using Size-Plus-One buffer sizing, and Paranoid Termination (plus a GUI-design tip)
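The two techniques named above, Size-Plus-One sizing and Paranoid Termination, together with the strncpy(...) pitfall they guard against, shown as an added example that is not part of the original article; copy_bounded, strncpy_terminates and MAX_NAME_LEN are names chosen for this illustration, and the over-long input is constructed:

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Size-Plus-One: room for MAX_NAME_LEN characters plus the NUL terminator. */
#define MAX_NAME_LEN 8
#define NAME_BUF_SIZE (MAX_NAME_LEN + 1)

/* The lazy pattern the article warns about would be:
 *     strcpy(name, untrusted);        // writes past 'name' if src is too long
 * Instead, copy at most dst_size-1 characters and always terminate.
 * Returns true if src fit completely, false if it was truncated. */
bool copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0) return false;
    if (src == NULL) { dst[0] = '\0'; return false; }
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';            /* Paranoid Termination */
    return strlen(src) < dst_size;       /* chars + NUL must fit */
}

/* Demonstrates why termination must be forced: strncpy writes no NUL at all
 * when src has n or more characters. Returns true if a NUL landed inside
 * the n bytes that strncpy was allowed to touch. */
bool strncpy_terminates(const char *src, size_t n)
{
    char buf[NAME_BUF_SIZE];
    if (n > sizeof buf) n = sizeof buf;      /* never exceed our own buffer */
    memset(buf, 'X', sizeof buf);            /* sentinel: X means untouched */
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) != NULL;
}

int main(void)
{
    char name[NAME_BUF_SIZE];
    /* constructed sample input, deliberately longer than MAX_NAME_LEN */
    const char *untrusted = "ABCDEFGHIJKLMNOP";

    bool fit = copy_bounded(name, sizeof name, untrusted);
    printf("copied '%s' (%s)\n", name, fit ? "fit" : "truncated");
    printf("strncpy alone terminated a full buffer: %s\n",
           strncpy_terminates(untrusted, NAME_BUF_SIZE) ? "yes" : "no");
    return 0;
}
```

The truncation flag lets the caller reject or log over-long input rather than silently continuing with a shortened string.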