November 26, 2004

The Buffer Overflow – In Layman’s Terms

I’m sure that the words “buffer overflow exploit” are not unfamiliar to you. Every month, some security expert discovers another one in some popular program, and we are all forced to upgrade. However, not an awful lot of people know what it means. I am now going to explain to you what it means, and hopefully by the end of this article you will be as livid as I am that this keeps on happening.


Many programs are written using the programming language called C (or C++, which is an object-orientated language that contains all the features of C, and more). C has some pretty basic string manipulation functions, and it is one of these that is the cause of all these buffer overflows.
Take this example. We want to get input from the user. Perhaps their name. So we generate a string to store it in. Names aren’t generally very long, so let’s create a string of length 64 characters to put it in.
Now, what happens if the user enters a name that is 256 characters long? The sensible thing would be to store the first 64 characters, and discard the last 192. And C can do this. But only if you tell it to.
If you forget to include this check, it will put the first 64 characters into your string, and the remaining 192 characters will be put into the portion of memory immediately after your string.
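The 64-character string and 256-character name described above, as an added C example that is not part of the original article. The arena, the sentinel value and the function names are assumptions made for the demonstration: one array stands in for the string plus the memory immediately after it, so the unchecked copy stays well-defined C while showing the same overwrite.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN   64    /* the 64-character string from the article */
#define INPUT_LEN  256   /* the 256-character name the user enters */
#define ARENA_LEN  512   /* name buffer plus the memory right after it */
#define SENTINEL   0xAA  /* marks neighbouring bytes nobody should touch */

/* Count bytes after the name buffer that no longer hold the sentinel. */
static size_t neighbour_damage(const unsigned char *arena)
{
    size_t n = 0;
    for (size_t i = NAME_LEN; i < ARENA_LEN; i++)
        if (arena[i] != SENTINEL)
            n++;
    return n;
}

/* Store a constructed 256-character name in the first NAME_LEN bytes of
 * the arena. checked == 0 copies everything, as strcpy() would;
 * checked != 0 applies the length check first. Returns how many bytes
 * beyond the name buffer changed; *stored gets the stored length. */
size_t store_name(int checked, size_t *stored)
{
    unsigned char arena[ARENA_LEN];
    char input[INPUT_LEN + 1];
    size_t n = INPUT_LEN;
    memset(arena, SENTINEL, sizeof arena);
    memset(input, 'A', INPUT_LEN);       /* constructed sample input */
    input[INPUT_LEN] = '\0';

    if (checked && n > NAME_LEN - 1)
        n = NAME_LEN - 1;                /* the check C only does if told to */
    memcpy(arena, input, n);
    arena[n] = '\0';                     /* string terminator */

    if (stored) *stored = strlen((const char *)arena);
    return neighbour_damage(arena);
}

int main(void)
{
    size_t len, hit;
    hit = store_name(0, &len);
    printf("unchecked: stored %zu chars, %zu bytes overwritten after the buffer\n", len, hit);
    hit = store_name(1, &len);
    printf("checked:   stored %zu chars, %zu bytes overwritten after the buffer\n", len, hit);
    return 0;
}
```

The unchecked copy reports 193 overwritten bytes rather than 192 because the string terminator is written as well; the checked copy keeps 63 characters so that the terminator still fits inside the 64 bytes.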
Of course, you can see where this is going. That portion of memory which has just been overwritten by the last 3/4 of your user’s name was probably being used by another program entirely. So far, you wouldn’t have thought this to be a problem. The other program suddenly finds that some data has changed underneath it, gets confused, and terminates gracefully.
Unfortunately, that’s only half of the trick. The wily hacker will not just put 192 characters of nomenclature into this illicitly-accessed memory, but an entire program. And then execute it.
So you’re screwed. Or, should I say, buffered.
It’s not hard to take advantage of such vulnerabilities either.

Pete

6 thoughts on “The Buffer Overflow – In Layman’s Terms”

  1. I used to do that all the time at university. I called it “Learning how to do pointers, linked lists and strings”. It was second year I think. I regularly crashed my projects by accidentally overwriting the wrong bit of memory. Although the only thing I was exploiting was my patience.

  2. I don’t think it counts if you are only breaking your own programs and your own computer, all in aid of trying to simulate a rocket going to the moon. The project was named “siumthrust”

  3. At Uni, they taught us Java. They obviously thought that we couldn’t be trusted to manage our own memory.

  4. When I was in Java, they didn’t have a Uni.
    Any chance of a Smirnoff Blue, while I’m here?
