Buffer overflow occurs when more data is placed in a buffer than it was allocated to store. This can corrupt or overwrite other buffers, potentially allowing attackers to execute malicious code. An example C program demonstrates how a buffer overflow attack works by copying user input into a small buffer without bounds checking, leading to a segmentation fault if too much data is entered. While modern compilers provide some protections, runtime buffer overflows remain a security risk without extra mechanisms like exception handling.
Theory: What is a buffer? A buffer is a temporary area for data storage. When a program or system process places more data in it than was originally allocated to be stored, the extra data overflows. Some of that data leaks out into other buffers, which can corrupt or overwrite whatever data they were holding.

Buffer Overflow Attack: In a buffer-overflow attack, the extra data sometimes holds specific instructions for actions intended by a hacker or malicious user; for example, the data could trigger a response that damages files, changes data or unveils private information. An attacker would use a buffer-overflow exploit to take advantage of a program that is waiting on a user's input.

There are two types of buffer overflows: stack-based and heap-based. Heap-based overflows, which are difficult to execute and the least common of the two, attack an application by flooding the memory space reserved for a program. Stack-based buffer overflows, which are more common among attackers, exploit applications and programs by using what is known as a stack: memory space used to store user input.

The following example, written in C, shows the danger of such situations.
// A C program to demonstrate buffer overflow
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    // Reserve 5 bytes of buffer plus the terminating NULL.
    // should allocate 8 bytes = 2 double words,
    // To overflow, need more than 8 bytes...
    char buffer[5];

    // If more than 8 characters input
    // by user, there will be access
    // violation, segmentation fault

    // a prompt how to execute the program...
    if (argc < 2)
    {
        printf("strcpy() NOT executed....\n");
        printf("Syntax: %s <characters>\n", argv[0]);
        exit(0);
    }

    // copy the user input to mybuffer, without any
    // bound checking; a secure version is strcpy_s()
    strcpy(buffer, argv[1]);
    printf("buffer content=%s\n", buffer);

    // you may want to try strcpy_s()
    printf("strcpy() executed...\n");
    return 0;
}

Compile this program in Linux and, for output, use the command output_file INPUT

Input: 12345678 (8 bytes)
The program runs smoothly.
Input: 123456789 (9 bytes)
A “Segmentation fault” message will be displayed and the program terminates.
In the example, we did not implement any malicious code injection; it just shows that the buffer can be overflowed. Modern compilers normally provide an overflow-checking option at compile/link time, but at run time it is quite difficult to check for this problem without an extra protection mechanism such as exception handling.
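A bounds-checked counterpart to the strcpy() call in the program above, as an added example that is not part of the original page. strcpy_s() belongs to the optional Annex K of the C standard and is not provided by every C library, so this version uses a hand-written length check; the names copy_bounded, guard_intact_after and struct frame are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 5   /* same size as buffer[5] in the program above */

/* Assumed layout: guard bytes after the buffer reveal a write past its end. */
struct frame { char buffer[BUF_SIZE]; unsigned char guard[8]; };

/* Copy src into dst only if it fits together with its terminating NUL.
 * Returns 0 on success, -1 otherwise; on failure dst is an empty string. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    while (n < dst_size && src[n] != '\0')   /* never scan past dst_size */
        n++;
    if (n == dst_size)                       /* no room left for the NUL */
        return -1;
    memcpy(dst, src, n + 1);                 /* characters plus the NUL */
    return 0;
}

/* Copy input into a frame; return 1 if the guard bytes are unchanged. */
int guard_intact_after(const char *input, int *status)
{
    struct frame f;
    memset(f.guard, 0xA5, sizeof f.guard);
    *status = copy_bounded(f.buffer, sizeof f.buffer, input);
    for (size_t i = 0; i < sizeof f.guard; i++)
        if (f.guard[i] != 0xA5)
            return 0;
    return 1;
}

int main(int argc, char *argv[])
{
    int status;
    if (argc < 2) {
        printf("Syntax: %s <characters>\n", argv[0]);
        return 0;
    }
    printf("guard %s, ", guard_intact_after(argv[1], &status) ? "intact" : "corrupted");
    printf("copy %s\n", status == 0 ? "accepted" : "rejected");
    return status == 0 ? 0 : 1;
}
```

Rejecting the oversized input instead of truncating it keeps the caller from continuing with partial data.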
Conclusion: Here, we learned about Buffer Overflow Attack.