Buffer Overflow

February 23, 2021

  • A buffer overflow happens when input is read into a buffer without bounds checking, so the write goes outside the buffer's intended memory region.
  • It can be serious because the stack can be overwritten.
  • Control flow can be redirected by overwriting the saved return address, which is loaded into the eip register, the instruction pointer (the address of the next instruction).
  • Overwriting local variables is harder and less useful, since compiler optimizations may not place them where you expect.
  • It can also make the program susceptible to shellcode exploits.
  • Most modern toolchains enable mitigations against this by default: memory address randomization and stack-smashing protection. You may need to disable these for educational purposes.
  • Some outdated C functions such as gets and strcpy are vulnerable: they copy without bounds checking!
  • Useful tools: gdb, objdump
  • Keywords to recognize: a "stack smashing detected" message appears first, followed by a segmentation fault. Either error indicates a write went out of bounds.
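Added example (not from the original note): the unchecked strcpy pattern the note warns about, beside bounded replacements for strcpy and gets that refuse or truncate oversize input instead of writing past the buffer. NAME_LEN and the function names are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-size stack buffer, constructed for this example */
/* Vulnerable pattern from the note: strcpy() stops only at the NUL of src, so a
 * src longer than NAME_LEN-1 runs past 'name' into what the compiler placed
 * after it on the stack (canary, saved registers, return address). */
void greet_unsafe(const char *src)
{
    char name[NAME_LEN];
    strcpy(name, src);            /* no bound on the copy */
    printf("hello, %s\n", name);
}

/* Hardened replacement: copy only if src fits, otherwise refuse. Returns 0 on
 * success, -1 if src would not fit (dst is then left empty, not stale). */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    if (dst_size == 0)
        return -1;
    while (n < dst_size && src[n] != '\0')   /* never scan past dst_size */
        n++;
    if (n >= dst_size) {                     /* no room for the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Replacement for gets(): fgets() reads at most size-1 chars, the newline is
 * stripped, and the rest of an over-long line is discarded so the excess cannot
 * be read as the next input. Returns line length, -1 on EOF/error; *truncated
 * is set when the line did not fit. */
int read_line_bounded(char *buf, size_t size, FILE *stream, int *truncated)
{
    int c;
    size_t len;
    *truncated = 0;
    if (size == 0 || fgets(buf, (int)size, stream) == NULL)
        return -1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n')
        buf[--len] = '\0';
    else
        while ((c = fgetc(stream)) != EOF && c != '\n')
            *truncated = 1;
    return (int)len;
}
```

Compiling greet_unsafe with stack protection enabled and feeding it an over-long string is what produces the "stack smashing detected" message the note mentions; the bounded versions never reach that point.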