Questions tagged [buffer-overflow]

A buffer overflow usually occurs when a program copies data into a buffer without first checking that the buffer has enough space, so the excess data overwrites neighboring memory cells.

RAM is divided into memory cells, each capable of storing a single byte on its own. Applications store data of a given type either as a single element, as multiple elements (arrays), or in dynamically allocated storage (pointers). Problems usually arise when software developers use arrays or pointers without verifying that the destination buffer has adequate space for the data being written.

#include <string.h>
char Target[10];
char Input[20]; /* holds up to 20 bytes, but Target can hold only 10 (9 characters plus the terminator) */
strcpy(Target, Input); /* 1st parameter: destination, 2nd parameter: source data; no length check is performed */

Under the right conditions, the code listed above exhibits buffer-overflow corruption: if the programmer does not validate the sizes of Target and Input before the copy, data is written into the adjacent memory cells, corrupting whatever contents are stored in them.

Such results can be devastating, as they affect overall system integrity.

1483 questions
8
votes
4 answers

Using buffer overflow to execute shell code

I've been learning computer security lately and have come across a couple of problems, and I'm having some trouble with this one in particular. I'm given a function with a fixed buffer I need to overflow in order to execute shellcode in the file shellcode.…
Syntactic Fructose
8
votes
7 answers

strcpy when dest buffer is smaller than src buffer

I am trying to understand the difference/disadvantages of strcpy and strncpy. Can somebody please help: void main() { char src[] = "this is a long string"; char dest[5]; strcpy(dest,src) ; printf("%s \n", dest); printf("%s \n", src); } The…
user193891
8
votes
4 answers

Buffer Overflow not working

I was trying to do a buffer overflow (I'm using Linux) on a simple program that requires a password. Here's the program code: #include #include #include int check_authentication(char *password){ int auth_flag =…
jndok
8
votes
1 answer

Explain this code that runs a function without calling it explicitly?

The output of the code below is "Overflow", but I didn't explicitly call the func function. How does it work? #include #include #include int copy(char *input) { char var[20]; strcpy(var, input); return…
wilbeibi
8
votes
3 answers

Modify return address on stack

I looked at the basics of buffer overflow vulnerabilities and tried to understand how the stack is working. For that I wanted to write a simple program which changes the address of the return address to some value. Can anybody help me with figuring…
fliX
8
votes
3 answers

Is PHP buffer overflow possible?

Possible Duplicate: How to conduct buffer overflow in PHP/Python? I was reading this tutorial, when I came into this: A buffer overflow attack seeks to overflow the memory allocation buffer inside your PHP application or, more seriously, in…
Surfer on the fall
7
votes
1 answer

Declaring hardcoded std::string causes buffer overflow

I have the following line in my program that causes a run-time warning: if (!is_directory("C:\\NGFMS_Debug\\Files") && !create_directories("C:\\NGFMS_Debug\\Files")) The text of the warning is as so: "A buffer overrun has occurred in XXX.exe which…
Ian
7
votes
3 answers

C Code how to change return address in the code?

I just wrote a piece of C code, which is below: #include #include void func(char *str) { char buffer[24]; int *ret; strcpy(buffer,str); } int main(int argc,char **argv) { int x; x=0; …
Santosh V M
7
votes
1 answer

Buffer overflow attack format

Usually we all see the basic buffer overflow format, which has: NOPs + shellcode + return_address. Why don't we use NOPs + return_address + shellcode, where we make the return address point to the start of the shellcode? I'm guessing that this is…
user277465
7
votes
2 answers

How to send arbitrary bytes to STDIN of a program in gdb?

I am developing buffer overflow exercises for students. In this context you often have to provide arbitrary bytes as input for programs (return addresses). Assume this example: #import #import void func() { char buf[4]; …
Michael Palm
7
votes
3 answers

Why is my stack buffer overflow exploit not working?

So I have a really simple stack overflow: #include int main(int argc, char *argv[]) { char buf[256]; memcpy(buf, argv[1],strlen(argv[1])); printf(buf); } I'm trying to overflow with this code: $(python -c "print…
watchy
7
votes
2 answers

Set RTSP/UDP buffer size in FFmpeg/LibAV

Note: I'm aware ffmpeg and libav are different libraries. This is a problem common to both. Disclaimer: Duplicate of SO question marked as answered but actually didn't give a proper solution. Insufficient UDP buffer size causes broken streams for…
Sergio Basurco
7
votes
1 answer

impossible to write on stack (stack overflow)

I was experimenting with some security stuff and especially trying to understand a ret2ret exploit. The code I was experimenting on: void foo(char * val){ char buffer[64]; int i; for (i=0; val[i]!=0; i++) buffer[i]=val[i]; …
7
votes
3 answers

Can `recv()` result in a buffer overflow?

I'm introducing myself to socket programming in C/C++, and am using send() and recv() to exchange data between a client and server program over TCP sockets. Here are some relevant excerpts from my code: server.c: char recv_data[1024]; // Socket…
DJSunny
7
votes
2 answers

Inputting non-ASCII characters to scanf("%s")

Is there a way one can issue non-ASCII hex characters to a scanf that uses %s? I'm trying to insert hexadecimal chars like \x08\xDE\xAD and so on (to demonstrate buffer overflow). The input is not to a command line parameter, but to a scanf inside…
asudhak