Data Structures Tutorial

Data Structures Tutorial Asymptotic Notation Structure and Union Array Data Structure Linked list Data Structure Type of Linked list Advantages and Disadvantages of linked list Queue Data Structure Implementation of Queue Stack Data Structure Implementation of Stack Sorting Insertion sort Quick sort Selection sort Heap sort Merge sort Bucket sort Count sort Radix sort Shell sort Tree Traversal of the binary tree Binary search tree Graph Spanning tree Linear Search Binary Search Hashing Collision Resolution Techniques

Misc Topic:

Priority Queue in Data Structure Deque in Data Structure Difference Between Linear And Non Linear Data Structures Queue Operations In Data Structure About Data Structures Data Structures Algorithms Types of Data Structures Big O Notations Introduction to Arrays Introduction to 1D-Arrays Operations on 1D-Arrays Introduction to 2D-Arrays Operations on 2D-Arrays Strings in Data Structures String Operations Application of 2D array Bubble Sort Insertion Sort Sorting Algorithms What is DFS Algorithm What Is Graph Data Structure What is the difference between Tree and Graph What is the difference between DFS and BFS Bucket Sort Dijkstra’s vs Bellman-Ford Algorithm Linear Queue Data Structure in C Stack Using Array Stack Using Linked List Recursion in Fibonacci Stack vs Array What is Skewed Binary Tree Primitive Data Structure in C Dynamic memory allocation of structure in C Application of Stack in Data Structures Binary Tree in Data Structures Heap Data Structure Recursion - Factorial and Fibonacci What is B tree what is B+ tree Huffman tree in Data Structures Insertion Sort vs Bubble Sort Adding one to the number represented an array of digits Bitwise Operators and their Important Tricks Blowfish algorithm Bubble Sort vs Selection Sort Hashing and its Applications Heap Sort vs Merge Sort Insertion Sort vs Selection Sort Merge Conflicts and ways to handle them Difference between Stack and Queue AVL tree in data structure c++ Bubble sort algorithm using Javascript Buffer overflow attack with examples Find out the area between two concentric circles Lowest common ancestor in a binary search tree Number of visible boxes putting one inside another Program to calculate the area of the circumcircle of an equilateral triangle Red-black Tree in Data Structures Strictly binary tree in Data Structures 2-3 Trees and Basic Operations on them Asynchronous advantage actor-critic (A3C) Algorithm Bubble Sort vs Heap Sort Digital Search Tree in Data Structures Minimum Spanning Tree Permutation Sort or Bogo Sort Quick Sort vs Merge Sort Boruvkas algorithm Bubble Sort vs Quick Sort Common Operations on various Data Structures Detect and Remove Loop in a Linked List How to Start Learning DSA Print kth least significant bit number Why is Binary Heap Preferred over BST for Priority Queue Bin Packing Problem Binary Tree Inorder Traversal Burning binary tree Equal Sum What is a Threaded Binary Tree? What is a full Binary Tree? Bubble Sort vs Merge Sort B+ Tree Program in Q language Deletion Operation from A B Tree Deletion Operation of the binary search tree in C++ language Does Overloading Work with Inheritance Balanced Binary Tree Binary tree deletion Binary tree insertion Cocktail Sort Comb Sort FIFO approach Operations of B Tree in C++ Language Recaman’s Sequence Tim Sort Understanding Data Processing

Buffer overflow attack with examples

You have undoubtedly faced the term buffer overflow in your programming journey. Many times it occurs when we try to run a piece of code with user input, but it gives some error like stack buffer overflow or heap buffer overflow or something like segmentation fault. So, let's try to understand this topic.

What is Buffer?

When we run a program, particular types of memory are used to store data and the program also. This memory is called a buffer. Buffer lives in RAM. It is a sequential section of memory to contain anything from character strings to integer numbers. Buffer improves the performance of a computer.

What is Buffer Overflow?

Some programming languages like C and C++ allow the programmers to allocate memory for the buffer. When a user puts an input beyond the memory of the buffer, inputs are stored nearby memory or buffers, which is not allowed. It happens because the programmer has not used anyway to check the input. Some built-in functions of C and CPP languages are also a way to create buffer overflow.

Example: -

Let’s take a piece of code as example

#include <bits/stdc++.h>
using namespace std;


int main() {
	vector<int> arr(2,0);
	arr[0] = 5;
	arr[1] = 6;
	arr[4] = arr[9];
	return 0;
}

Here firstly, we declare a vector arr of size 2. But after that, we are trying to allocate some data in arr[4]. As there does not exist any memory location for it so, there will occur buffer overflow because the information should be stored for this purpose; we need to modify the nearby memory.

Types of buffer overflow: -

Stack buffer overflow: Stack is an integral part of programming. In memory allocation of buffer, the stack is used. When we call a new function, a stack is created for that purpose. When the overflow occurs in the function, it is called a stack buffer overflow.

Heap buffer overflow: When overflow occurs in the open memory pool, it is called a heap buffer overflow.

Integer Overflow: This type of overflow frequently occurs in our programming practices. When we take two integer type values and multiply them and try to store them in an integer type variable, it causes an overflow.

Some Results of Buffer Overflow: -

  1. It causes the update of a memory location that is unwanted and not permissible.
  2. It may crash your system.
  3. It also creates a way for attackers to manipulate the private data.

Buffer Overflow attack: -

Buffer overflow is the weak point of any app or programmed system. Attackers target this point and manipulate the code. For this reason, a big problem in cybersecurity arises.

Example: In 2014, a cyber threat named "heartbled" was exposed to hundreds of millions of users due to a buffer overflow in SSL software.

The way of attack: -       

When attackers find buffer overflow, they try to inject their shellcode into the main code to manipulate the program. There are different parts of this malicious content which control the data. The parts are as follows:

  1. A chain of bytes which represent NOP instruction ( programs that are not executable).
  2. A new return address which points to the NOP bytes.
  3. Arbitrary code is located somewhere in the middle of the chain of bytes.

Types of Buffer Overflow attacks:

Stack buffer overflow attack: It is the most common buffer overflow attack because it is very easy. Here call stack is used.

Heap buffer overflow attack: When an overflow attack occurs in the available memory pool, it is called a heap buffer overflow.

Integer Overflow attack: When we take two integer-types values and multiply them and try to store them in an integer type variable, it causes overflow. It also may result in an attack.

Prevention methods: -

  1. Selection of language: Many programming languages are prone to buffer overflow, but the limit of such attacks varies on the language that is used to write the vulnerable program. Code written in Perl or JavaScript or python is generally not vulnerable to buffer overflows. Buffer overflow in a program which is written in C, CPP, Fortran or assembly could allow the attackers to compromise the targeted system fully.
  2. Use of safe library and functions: In many cases occurs because of using library functions which do not check any boundaries. Functions like gets, printf, scanf and strcpy are of this type. So, it is highly recommended not to use this type of library or function.
  3. Testing: It is one of the suitable measures to prevent buffer overflow. We can find the faulty code and patch the bug by edge testing. It is an advantageous method in software which are under development process.

Note: We can also use the methods like deep packet inspection, address space layout randomization, Executable space protection, Buffer overflow protection etc.



ADVERTISEMENT
ADVERTISEMENT