
Re: Help me stay away from visual C++ :)



On Tue, 27 Jul 1999, venu wrote:

> >The more I think about it, the following is better.
> >No more buffer overflow problem.
>         ~~~~~~~~~~~~~~~~
>  
> have heard lots about it in security bulletins ...
> what is a buffer overflow ? and how does it appear in code ?

In C, you (almost) always have to declare beforehand how big your data
structures are going to be. So, let's say you're writing a program, and
you decide a char array will have 10 elements to hold user input. Looks
something like this using a box diagram.
  [ ][ ][ ][ ][ ][ ][ ][ ][ ][ ]

So, what happens if someone enters "abcdefghijklmno" and you don't check
the length?
  [a][b][c][d][e][f][g][h][i][j] k l m n o
C doesn't care that there isn't room in your array for k, l, m, n, or o in
your array, it just happily overwrites whatever was there. This is the
buffer overrun.

If that part that was overwritten was part of your program that was
supposed to be executed later on, whatever "klmno" means as machine code
will be executed instead! "klmno" probably would just make the program
crash, but by overrunning the buffer with the right characters a cracker
can convince the program to do anything [s]he wants! If the overwritten
data was the return address for a call, the program will jump to some
random (or not-so-random) spot in memory, which again lets the cracker do
just about anything if planned properly. If the overwritten memory was the
string used for a system() call, the cracker can have the program run any
shell command with the privileges of that process (suid copies of sh
anyone?).
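An added example, not part of venu's question or the reply above: the ten-slot box from the post, written out in C as the unchecked copy that causes the overrun and, beside it, a bounds-checked copy that reports how many characters did not fit. The struct layout, the function names and the sentinel value next to the array are assumptions made for this illustration; the unchecked function is kept only to show the shape of the bug and is never called.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BOX_SLOTS 10 /* the 10-element char array from the post */

/* The pattern the post warns about: copy whatever the user typed into a
 * fixed-size array with no length check. strcpy() writes every byte of
 * user_input plus the terminator, so "abcdefghijklmno" (15 chars) runs
 * 6 bytes past the end of a 10-slot box and overwrites its neighbours.
 * Shown for comparison only; nothing here calls it. */
void store_input_unchecked(char box[BOX_SLOTS], const char *user_input)
{
    strcpy(box, user_input); /* no bounds check: this is the buffer overrun */
}

/* Hardened form: the destination's capacity travels with the pointer and
 * the copy stops at capacity - 1, leaving one slot for the terminator.
 * Returns the number of input characters that did NOT fit (0 when the
 * whole input was stored), so the caller can detect and log truncated
 * input instead of silently corrupting adjacent memory. */
size_t store_input_checked(char *box, size_t capacity, const char *user_input)
{
    size_t len = strlen(user_input);
    if (capacity == 0)
        return len;                  /* nowhere to store anything */
    size_t fits = capacity - 1;      /* one slot reserved for '\0' */
    size_t n = len < fits ? len : fits;
    memcpy(box, user_input, n);
    box[n] = '\0';
    return len - n;                  /* 0 means everything fit */
}

/* Assumed layout mirroring the post's diagram: the box followed by some
 * other value that must survive the copy (in a real stack frame this could
 * be a saved register or the return address the post mentions). */
struct frame_like {
    char box[BOX_SLOTS];
    unsigned int neighbour;
};

#define SENTINEL 0x11223344u /* constructed marker value, not from the post */

/* Copies user_input with the checked routine and reports whether the
 * neighbouring value is still intact. Returns 1 if it survived. */
int neighbour_survives(const char *user_input)
{
    struct frame_like f;
    f.neighbour = SENTINEL;
    size_t dropped = store_input_checked(f.box, sizeof f.box, user_input);
    if (dropped)
        fprintf(stderr, "input truncated: %zu chars did not fit\n", dropped);
    return f.neighbour == SENTINEL;
}

int main(void)
{
    const char *too_long = "abcdefghijklmno"; /* the post's 15-char input */
    int ok = neighbour_survives(too_long);
    printf("neighbour intact after checked copy: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

The checked version is the general fix for the post's example: every write into a fixed-size array is driven by the array's declared capacity rather than by the attacker-controlled input length, and the truncation is surfaced as a return value so it can be logged rather than hidden.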

