A buffer overflow usually occurs when a program copies data into a buffer without first checking that the buffer has enough space, so the excess bytes overwrite adjacent memory.
223 votes · 14 answers · 21k views
Why does this for loop exit on some platforms and not on others?
I have recently started to learn C and I am taking a class with C as the subject. I'm currently playing around with loops and I'm running into some odd behaviour which I don't know how to explain.
...
138 votes · 5 answers · 13k views
Why is this code vulnerable to buffer overflow attacks?
#include <string.h>

int func(char* str)
{
    char buffer[100];
    unsigned short len = strlen(str);    /* size_t result stored in 16 bits */
    if(len >= 100)
    {
        return (-1);
    }
    strncpy(buffer,str,strlen(str));     /* copies the full, untruncated length */
    return 0;
}
This code is ...
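Added example, not code from the question above: the check in func() stores a size_t in an unsigned short, so a string whose length is 65536 plus a value below 100 passes the comparison while strncpy() is handed the full length. check_truncated() reproduces the flawed comparison without doing the copy, check_fixed() and func_fixed() keep the length in size_t and always NUL-terminate, and make_string() builds a long input for experiments. All function names are the author's.

```c
/* Added example (not from the question): 16-bit truncation of a length
 * check, and a hardened version of the same function. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 100

/* Flawed test from the question: returns 1 if the copy would be attempted. */
int check_truncated(size_t n)
{
    unsigned short len = (unsigned short)n;   /* silently drops the high bits */
    return len < BUF_SIZE;
}

/* Correct test: compare the full size_t, leaving room for the terminator. */
int check_fixed(size_t n)
{
    return n < BUF_SIZE;
}

/* Hardened replacement for func(): rejects input that does not fit,
 * copies exactly n bytes, and always NUL-terminates the local buffer.
 * Returns the number of bytes stored, or -1 if the input was rejected. */
int func_fixed(const char *str)
{
    char buffer[BUF_SIZE];
    size_t n = strlen(str);
    if (n >= BUF_SIZE)
        return -1;
    memcpy(buffer, str, n);
    buffer[n] = '\0';
    return (int)n;
}

/* Helper for experiments: a string of n 'A's (caller frees). */
char *make_string(size_t n)
{
    char *s = malloc(n + 1);
    if (!s)
        return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}
```

A 65586-byte string is accepted by the original check (65586 truncates to 50) and rejected by the size_t version; compiling with -Wconversion makes the narrowing assignment visible at build time.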
59 votes · 9 answers · 32k views
40 votes · 1 answer · 3k views
“xor eax, ebp” being used in C++ compiler output
I just tried compiling a couple of C++ snippets on VS2010 and analyzed the executables in IDA Pro. Something I noticed is that most of them have something like the following at the start (shortly ...
40 votes · 7 answers · 4k views
Writing Secure C and Secure C Idioms
"The average man does not want to be free. He simply wants to be safe." - H. L. Mencken
I am attempting to write very secure C. Below I list some of the techniques I use and ask are they as secure ...
38 votes · 8 answers · 11k views
What is the difference between a stack overflow and buffer overflow?
What is the difference between a stack overflow and a buffer overflow in programming?
36 votes · 11 answers · 74k views
Why should you use strncpy instead of strcpy?
Edit: I've added the source for the example.
I came across this example:
char source[MAX] = "123456789";
char source1[MAX] = "123456789";
char destination[MAX] = "abcdefg";
char destination1[MAX] = ...
34 votes · 1 answer · 11k views
How does a NOP sled work?
I've been cracking my head open and can't find a good source that answers this question. I know that a nop sled is a technique used to circumvent stack randomization in a buffer overflow attack, but I ...
27 votes · 5 answers · 4k views
How can I invoke buffer overflow?
I got a homework assignment asking me to invoke a function without explicitly calling it, using buffer overflow. The code is basically this:
#include <stdio.h>
#include <stdlib.h>
void ...
25 votes · 5 answers · 26k views
How to turn off gcc compiler optimization to enable buffer overflow
I'm working on a homework problem that requires disabling compiler optimization protection for it to work. I'm using gcc 4.4.1 on Ubuntu Linux, but can't figure out which flags are the right ones. ...
25 votes · 5 answers · 2k views
Stack Smashing attempt giving segfault
I am trying to do an example from the Smashing the Stack for Fun and Profit in C, but am kind of stuck at a point,
following is the code (I have a 64-bit machine with Ubuntu 64-bit):
int main()
{
...
20 votes · 11 answers · 1k views
Consequences of this buffer overflow?
So here I believe I have a small buffer overflow problem I found when reviewing someone else's code. It immediately struck me as incorrect, and potentially dangerous, but admittedly I couldn't explain ...
19 votes · 11 answers · 14k views
What is a buffer overflow and how do I cause one?
I have heard about a buffer overflow and I would like to know how to cause one.
Can someone show me a small buffer overflow example?
(And what are they used for?)
18 votes · 1 answer · 584 views
Why do I get access violations when a control's class name is very, very long?
I subclassed a control so that I can add a few fields that I need, but now when I create it at runtime I get an Access Violation. Unfortunately this Access Violation doesn't happen at the place ...
17 votes · 15 answers · 13k views
What C/C++ tools can check for buffer overflows? [closed]
I've been asked to maintain a large C++ codebase full of memory leaks. While poking around, I found out that we have a lot of buffer overflows that lead to the leaks (how it got this bad, I don't ever ...
17 votes · 1 answer · 10k views
heap overflow attacks
How are heap overflow attacks done?
In the case of stack overflow attacks, the attacker replaces the function return address with his address.
How is this done in heap overflow attacks? Also, is it ...
17 votes · 4 answers · 4k views
Buffer Overflow Attack
I'm trying to execute a very simple buffer overflow attack. I'm pretty much a newbie to this. So, if this question is stupid, please excuse me :-)
The code:
#include<stdio.h>
...
16 votes · 5 answers · 3k views
How are buffer overflows used to exploit computers?
How are buffer overflows used to exploit computers?
How is one able to execute arbitrary code simply by causing stack or heap overflows?
I understand that portions of the programs memory are ...
16 votes · 3 answers · 813 views
Should the memory vulnerability of the line of code "printf("%s", argv[1]);" be described as a stack overflow?
Today, I took a short "C++ skills test" from Elance.com. One question was the following:
What is the security vulnerability of the following line of code:
printf("%s", argv[1]);
Option ...
15 votes · 11 answers · 3k views
What C/C++ functions are most often used incorrectly and can lead to buffer overflows?
I've been asked to maintain a large C++ codebase full of memory leaks. While poking around, I found out that we have a lot of buffer overflows that lead to the leaks (how it got this bad, I don't ever ...
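Added example, not code from either the strncpy question or the one above: three bounded-copy idioms beside the pitfalls they replace. strncpy() pads with zeros but does not guarantee a terminator when the source is as long as the destination; snprintf() always terminates but its return value has to be checked for truncation; strlcpy() is not in ISO C, so a portable equivalent is written here as bounded_copy(). All names are the author's.

```c
/* Added example (not from the questions): bounded string copies that
 * either always terminate or report that they could not. */
#include <stdio.h>
#include <string.h>

/* Plain strncpy() as people expect it to behave. Returns 1 if dst is
 * NUL-terminated within dstsize bytes afterwards, 0 if it is not, which
 * happens whenever strlen(src) >= dstsize. */
int strncpy_leaves_terminator(char *dst, size_t dstsize, const char *src)
{
    strncpy(dst, src, dstsize);
    return memchr(dst, '\0', dstsize) != NULL;
}

/* strlcpy-style copy: never writes past dstsize, always terminates,
 * returns strlen(src) so the caller can compare it with dstsize to
 * detect truncation. */
size_t bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0)
        return n;
    size_t copy = n < dstsize ? n : dstsize - 1;
    memcpy(dst, src, copy);
    dst[copy] = '\0';
    return n;
}

/* sprintf() replacement that refuses to hand back a silently cut string.
 * Returns 0 on success, -1 on truncation or error (dst is emptied). */
int format_bounded(char *dst, size_t dstsize, const char *dir, const char *file)
{
    int n = snprintf(dst, dstsize, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= dstsize) {
        if (dstsize)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}
```

The usual audit list for a C++ codebase follows from these three: gets(), strcpy(), strcat(), sprintf() and scanf("%s") have no bound at all, while strncpy(), strncat() and memcpy() have one that the caller can still get wrong.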
15 votes · 3 answers · 355 views
Special PHP Errors
How can PHP cause memory leaks, buffer overflows, stack overflows and any other errors of such kind? Can PHP even cause such errors?
14 votes · 5 answers · 3k views
Buffer overflow in C
I'm attempting to write a simple buffer overflow using C on Mac OS X 10.6 64-bit. Here's the concept:
void function() {
char buffer[64];
buffer[offset] += 7; // i'm not sure how large ...
12 votes · 7 answers · 4k views
If your stack and heap are non-executable, how can your code run?
I read a book about buffer overflows, and it suggests the following to deal with them:
Making the stack (and heap) non-executable provides a high degree of
protection against many types of buffer overflow ...
12 votes · 3 answers · 6k views
Is buffer overflow/overrun possible in completely managed asp.net c# web application
Can there be buffer overflow/overrun vulnerabilities in a completely managed ASP.NET web portal? If yes, how can this be tested?
10 votes · 5 answers · 5k views
Buffer overflow works in gdb but not without it
I am on CentOS 6.4 32 bit and am trying to cause a buffer overflow in a program. Within GDB it works. Here is the output:
[root@localhost bufferoverflow]# gdb stack
GNU gdb (GDB) Red Hat Enterprise ...
10 votes · 4 answers · 903 views
how to skip a line doing a buffer overflow in c
I want to skip a line in C, the line x=1; in the main section, using a buffer overflow; however, I don't know why I cannot skip from the address 4002f4 to the next address 4002fb in spite of the fact that ...
10 votes · 1 answer · 5k views
Shellcode for a simple stack overflow: Exploited program with shell terminates directly after execve("/bin/sh")
I played around with buffer overflows on Linux (amd64) and tried exploiting a simple program, but it failed. I disabled the security features (address space layout randomization with sysctl -w ...
10 votes · 3 answers · 467 views
Smashing the stack example3.c confusion
Article can be found here.
I'm reading up on smashing the stack and have found myself to be getting stuck on example3.c.
0x80004a3 <main+19>: call 0x8000470 <function>
0x80004a8 ...
9 votes · 5 answers · 7k views
Is sscanf considered safe to use?
I have vague memories of suggestions that sscanf was bad. I know it won't overflow buffers if I use the field width specifier, so is my memory just playing tricks with me?
9 votes · 4 answers · 738 views
Create buffer overflows in snow leopard
As part of a course at university in computer security, I'm soon about to learn about buffer overflows and how to use them to as exploits. I'm trying to do some simple buffer overflow with the ...
9 votes · 7 answers · 594 views
What's a buffer?
As far as my understanding of languages goes, a buffer is any portion of memory in which data is stored, like int or float variables, character arrays, etc.
However, I was reading buffer overflows and ...
9 votes · 2 answers · 481 views
Compile C to allow for Buffer Overflow
I am learning about buffer overflows and am trying to make one. I have this code:
#include <stdio.h>
char *secret = "password";
void go_shell() {
char *shell = "/bin/sh";
char *cmd[] ...
8 votes · 2 answers · 2k views
Why does this memory address have a random value?
I am running Linux on i386:x86_64. I've written a piece of C code and I've disassembled it as well as read the registers to understand how the program works in assembly. Below is my C program that I've ...
8 votes · 4 answers · 2k views
Difference between - buffer overflow and return to libc attack
I want to comprehend the exact difference between these two types of attack. From what I have read:
Buffer Overflow: It overwrites the ret address on the stack to point to another section of the code ...
8 votes · 1 answer · 78 views
Valgrind won't detect buffer overflow
#include <stdio.h>

int main(void)
{
    char buf[8];
    /* In printf-style formats "%3s" is a minimum field width, not a maximum:
       all 21 characters of the argument are written, 25 bytes in total
       including "AAAA" and the terminator, into an 8-byte stack buffer. */
    sprintf(buf,"AAAA%3s","XXssssssssXXXsssssXXX");
    printf("%s\n",buf);
    return 0;
}
I expected valgrind to detect a buffer overflow with the above ...
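Added example, not code from the Valgrind question above or the sscanf question earlier on this page: the same field width means different things in the printf and scanf families. "%3s" in printf is a minimum width (padding, never truncation), "%.3s" is the precision that actually limits output, and "%3s" in sscanf is a maximum that stops the read after three bytes, which is what makes sscanf safe for a fixed buffer. Function names are the author's. Valgrind's Memcheck does not bounds-check stack arrays, so the sprintf overrun above is invisible to it; -fsanitize=address reports it as a stack-buffer-overflow.

```c
/* Added example (not from the questions): width versus precision in
 * printf, and width as a hard bound in sscanf. */
#include <stdio.h>
#include <string.h>

/* printf width: returns how many characters "%3s" produces for s.
 * For anything longer than 3 characters the width changes nothing. */
int printf_width_len(const char *s)
{
    char tmp[64];
    return snprintf(tmp, sizeof tmp, "%3s", s);
}

/* printf precision: copies at most 3 characters of s into out
 * (outsize must be at least 4); returns the number written. */
int printf_precision_copy(char *out, size_t outsize, const char *s)
{
    return snprintf(out, outsize, "%.3s", s);
}

/* sscanf with a width one less than the buffer: never overruns name,
 * longer tokens are cut at 7 characters. Returns 1 on a successful parse. */
int parse_user(const char *line, char name[8])
{
    return sscanf(line, "user=%7s", name);
}

/* Unbounded "%s" is the dangerous form. If a caller cannot change the
 * format, it can at least refuse overlong tokens before parsing.
 * Returns 1 if the token after '=' fits in max_len characters. */
int token_fits(const char *line, size_t max_len)
{
    const char *p = strchr(line, '=');
    if (!p)
        return 0;
    size_t n = strcspn(p + 1, " \t\n");
    return n <= max_len;
}
```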
8 votes · 1 answer · 190 views
Explain this code that runs a function without calling it explicitly?
The output of the code below is "Overflow", but I didn't explicitly call the func function. How does it work?
#include<stdio.h>
#include<string.h>
#include<stdlib.h>
int copy(char ...
8 votes · 1 answer · 3k views
buffer overflow example from Art of Exploitation book
I was reading the book Art of Exploitation, which is a kinda good book, and I ran across that example from the exploit_notesearch.c file.
Briefly, the author tries to overflow the program from notesearch.c
int ...
8 votes · 3 answers · 397 views
Attempting a buffer overflow
I am attempting to change the result of a function using a buffer overflow to change the results on the stack with the following code:
#include <stdio.h>
#include <string.h>
#include ...
8 votes · 1 answer · 2k views
return to libc - problem
I'm having problems with return-to-libc exploit. The problem is that nothing happens, but no segmentation fault (and yes I'm actually overflowing the stack).
This is my program:
int main(int argc, ...
8 votes · 2 answers · 240 views
How does Visual Studio 2013 detect buffer overrun
Visual Studio 2013 C++ projects have a /GS switch to enable buffer security check validation at runtime. We are encountering many more STATUS_STACK_BUFFER_OVERRUN errors since upgrading to VS 2013, ...
7 votes · 1 answer · 1k views
Buffer overflow attack format
Usually we all see the basic buffer overflow format, which has:
NOPs + shellcode + return_address
Why don't we use
NOPs + return_address + shellcode? where we make the return address point to the ...
7 votes · 3 answers · 5k views
Stack Overflow Exploit in C
The question is actually about stack overflows in C.
I have an assignment that I cannot get done for the life of me; I've looked at everything in gdb and I just can't figure it out.
The question is ...
7 votes · 1 answer · 488 views
Declaring hardcoded std::string causes buffer overflow
I have the following line in my program that causes a run-time warning:
if (!is_directory("C:\\NGFMS_Debug\\Files") && !create_directories("C:\\NGFMS_Debug\\Files"))
The text of the warning ...
7 votes · 1 answer · 531 views
Smashing Stack on Ubuntu 11.10
Did any of you face the following problem when you try to overwrite the $esp pointer?
Of course trying a legit buffer size always works! But, when you try to increase the buffer size to overwrite the ...
7 votes · 7 answers · 3k views
What are the prevention techniques for the Buffer overflow attacks?
What are the ideas for preventing buffer overflow attacks? I heard about StackGuard, but until now, is this problem completely solved by applying StackGuard or a combination of it with other ...
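Added example, not code from the question above or from the Visual Studio /GS question earlier on this page: a stack cookie check modelled in plain C. A frame is represented as a struct with the buffer followed by a canary, which is the layout StackGuard, GCC's -fstack-protector and MSVC's /GS give a protected frame; a copy that runs past the buffer overwrites the cookie, and the epilogue check catches that before the saved return address would be used. Names are the author's, and the cookie is a fixed constant here only so the example is deterministic; real runtimes draw it from a random source at process start.

```c
/* Added example (not from the questions): how a stack canary detects an
 * overrun, modelled with an explicit struct instead of a real frame. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE 16
#define COOKIE   0xC0FFEE42u   /* fixed for the example; normally random */

struct frame {
    char     buf[BUF_SIZE];
    uint32_t canary;           /* between the buffer and the saved return address */
};

/* Stand-in for an unbounded strcpy()/sprintf() into the frame: writes len
 * bytes starting at buf, capped at the struct size so the demonstration
 * itself stays within defined behaviour. */
static void unchecked_copy(struct frame *f, const char *src, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((char *)f, src, len);   /* runs over the canary once len > BUF_SIZE */
}

/* Prologue sets the cookie, the body copies, the epilogue verifies.
 * Returns 1 if the canary survived (the function may return), 0 if a real
 * runtime would abort with a stack-buffer-overrun report instead. */
int protected_call(const char *src, size_t len)
{
    struct frame f;
    f.canary = COOKIE;
    unchecked_copy(&f, src, len);
    return f.canary == COOKIE;
}
```

The check only tells you the frame was corrupted; it does not stop the write, which is why it is paired with non-executable stacks and ASLR rather than relied on alone, and why homework that needs the overflow to succeed is built with -fno-stack-protector.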
7 votes · 1 answer · 225 views
impossible to write on stack (stack overflow)
I was experimenting with some security stuff and especially trying to understand a ret2ret exploit.
The code I was experimenting on:
void foo(char * val){
char buffer[64];
int i;
...
7 votes · 3 answers · 2k views
Modify return address on stack
I looked at the basics of buffer overflow vulnerabilities and tried to understand how the stack is working. For that I wanted to write a simple program which changes the address of the return address ...
7 votes · 1 answer · 619 views
What is the most hardened set of options for GCC compiling C/C++?
What set of GCC options provide the best protection against memory corruption vulnerabilities such as Buffer Overflows, and Dangling Pointers? Does GCC provide any type of ROP chain mitigation? Are ...
6 votes · 9 answers · 3k views
Can you give an example of a buffer overflow?
I've heard so much about buffer overflows and believe I understand the problem but I still don't see an example of say
char buffer[16];
//code that will over write that buffer and launch ...
6 votes · 7 answers · 605 views
memory allocation in C
I have a question regarding memory allocation order.
In the following code I allocate in a loop 4 strings.
But when I print the addresses they don't seem to be allocated one after the other... Am I ...