This document discusses the buffer overflow network attack. A buffer overflow occurs when data exceeds the boundary of the buffer, potentially causing a crash or privilege escalation. For example, the gets() function does not check array bounds against the length of the user's input string, allowing an attacker to supply excessive input that overwrites memory such as a password integer. To prevent this, functions like fgets() and strncmp() should be used instead of gets() and strcmp(), as they allow specifying maximum sizes. A stack overflow specifically smashes the return address to execute custom code.
13 Advance Topics
Network Attacks
Buffer overflow Attack
Buffer overflow is common in programs; it occurs when data exceeds the boundary of the buffer. The attacker tries to store too much information in an undersized receptacle – most exploits are based on buffer overflow
Causes a crash, segmentation fault, etc.
Overflows the stack or heap
Buffer Overflow Example
Compare password; if correct – thegeekstuff – escalate privilege
gets() function does not check array bounds
Length of string could be greater than the size of buffer
Supply input length > buffer size (20 ‘h’ there)
Overwrites the memory of integer ‘pass’
‘pass’ becomes nonzero, 8 bytes of excessive ‘h’ -> int 8 bytes
Use fgets() instead of gets(), strncmp() instead of strcmp(), strncpy() instead of strcpy()
Stack Overflow
Smashes the return address of a function to some custom code
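The password check from the buffer overflow example above, rewritten with fgets() and strncmp() as the slides recommend. This is an added example, not code from the original document; the 16-byte buffer, the expected string "thegeekstuff" and the check_input() helper are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16              /* assumed size; the slides do not give one */
#define EXPECTED "thegeekstuff"  /* assumed to be the password the slides mention */

/* Reads one line from `in`; returns 1 only on an exact password match. */
int check_password(FILE *in)
{
    char buff[BUF_SIZE];
    int pass = 0, c;

    /* fgets() stores at most BUF_SIZE-1 bytes plus the terminator,
       so input can never spill over into `pass`. */
    if (fgets(buff, sizeof buff, in) == NULL)
        return 0;

    size_t len = strcspn(buff, "\n");
    if (buff[len] != '\n' && !feof(in)) {
        /* Line did not fit: drain the rest and reject, rather than
           comparing a silently truncated prefix. */
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;
        return 0;
    }
    buff[len] = '\0';

    /* Bounded compare; both strings terminate inside BUF_SIZE bytes. */
    if (strncmp(buff, EXPECTED, sizeof buff) == 0)
        pass = 1;
    return pass;
}

/* Hypothetical helper: feeds `input` to check_password() via a temp file. */
int check_input(const char *input)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(input, f);
    rewind(f);
    int result = check_password(f);
    fclose(f);
    return result;
}

int main(void)
{
    /* Constructed inputs: the correct password, then the 20 'h' case. */
    printf("%d\n", check_input("thegeekstuff\n"));
    printf("%d\n", check_input("hhhhhhhhhhhhhhhhhhhh\n"));
    return 0;
}
```

Rejecting an over-long line outright matters as much as the bounded read: comparing only the truncated prefix would accept the password followed by arbitrary trailing bytes.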