Buffer overflow attack with examples
You have undoubtedly faced the term buffer overflow in your programming journey. Many times it occurs when we try to run a piece of code with user input, but it gives some error like stack buffer overflow or heap buffer overflow or something like segmentation fault. So, let's try to understand this topic.
What is Buffer?
When we run a program, particular types of memory are used to store data and the program also. This memory is called a buffer. Buffer lives in RAM. It is a sequential section of memory to contain anything from character strings to integer numbers. Buffer improves the performance of a computer.
What is Buffer Overflow?
Some programming languages like C and C++ allow the programmers to allocate memory for the buffer. When a user puts an input beyond the memory of the buffer, inputs are stored nearby memory or buffers, which is not allowed. It happens because the programmer has not used anyway to check the input. Some built-in functions of C and CPP languages are also a way to create buffer overflow.
Example: -
Let’s take a piece of code as example
#include <bits/stdc++.h>
using namespace std;
int main() {
vector<int> arr(2,0);
arr[0] = 5;
arr[1] = 6;
arr[4] = arr[9];
return 0;
}
Here firstly, we declare a vector arr of size 2. But after that, we are trying to allocate some data in arr[4]. As there does not exist any memory location for it so, there will occur buffer overflow because the information should be stored for this purpose; we need to modify the nearby memory.
Types of buffer overflow: -
Stack buffer overflow: Stack is an integral part of programming. In memory allocation of buffer, the stack is used. When we call a new function, a stack is created for that purpose. When the overflow occurs in the function, it is called a stack buffer overflow.
Heap buffer overflow: When overflow occurs in the open memory pool, it is called a heap buffer overflow.
Integer Overflow: This type of overflow frequently occurs in our programming practices. When we take two integer type values and multiply them and try to store them in an integer type variable, it causes an overflow.
Some Results of Buffer Overflow: -
- It causes the update of a memory location that is unwanted and not permissible.
- It may crash your system.
- It also creates a way for attackers to manipulate the private data.
Buffer Overflow attack: -
Buffer overflow is the weak point of any app or programmed system. Attackers target this point and manipulate the code. For this reason, a big problem in cybersecurity arises.
Example: In 2014, a cyber threat named "heartbled" was exposed to hundreds of millions of users due to a buffer overflow in SSL software.
The way of attack: -
When attackers find buffer overflow, they try to inject their shellcode into the main code to manipulate the program. There are different parts of this malicious content which control the data. The parts are as follows:
- A chain of bytes which represent NOP instruction ( programs that are not executable).
- A new return address which points to the NOP bytes.
- Arbitrary code is located somewhere in the middle of the chain of bytes.
Types of Buffer Overflow attacks:
Stack buffer overflow attack: It is the most common buffer overflow attack because it is very easy. Here call stack is used.
Heap buffer overflow attack: When an overflow attack occurs in the available memory pool, it is called a heap buffer overflow.
Integer Overflow attack: When we take two integer-types values and multiply them and try to store them in an integer type variable, it causes overflow. It also may result in an attack.
Prevention methods: -
- Selection of language: Many programming languages are prone to buffer overflow, but the limit of such attacks varies on the language that is used to write the vulnerable program. Code written in Perl or JavaScript or python is generally not vulnerable to buffer overflows. Buffer overflow in a program which is written in C, CPP, Fortran or assembly could allow the attackers to compromise the targeted system fully.
- Use of safe library and functions: In many cases occurs because of using library functions which do not check any boundaries. Functions like gets, printf, scanf and strcpy are of this type. So, it is highly recommended not to use this type of library or function.
- Testing: It is one of the suitable measures to prevent buffer overflow. We can find the faulty code and patch the bug by edge testing. It is an advantageous method in software which are under development process.
Note: We can also use the methods like deep packet inspection, address space layout randomization, Executable space protection, Buffer overflow protection etc.