Thread: buffer overflow

  1. #1
    42trojan42's Avatar

    buffer overflow

    Can anyone explain what a buffer overflow attack is!?!?

  2. #2
    Frought's Avatar
    Well, let's say you have a buffer as follows:
    Code:
    char Buffer[5];
    strcpy(Buffer, "More than 5 chars is a buffer overflow");
    That is an example of how a buffer overflow occurs; basically, it is when you try to make the buffer hold more than its size.


  4. #3
    Hitokiri~'s Avatar
    Since the above explanation sucks...

    A buffer overflow attempts to write data outside of a specific memory region allocated.
    It is commonly used as an attack ( or exploit ) to allow a program to execute things that it isn't supposed to normally execute.

    Consider the following C code:

    Code:
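    #include <stdio.h>

    /* Deliberately vulnerable: num2Str cannot hold 5 digits plus the terminator. */
    const char* myFunc( int myNum ){
       static char num2Str[5];
    
       sprintf( num2Str, "%i", myNum );  /* unbounded write */
       return num2Str;
    }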
    What happens if we pass the number "99999" to it?
    A buffer overflow occurs. Why?

    Let's look at it:
    - 5 characters of '9'
    - 1 null terminator

    But the buffer is only 5 bytes in size. So what happens? It overwrites the adjacent memory.
    Assume the memory looks like this:

    Code:
    num2Str  anotherVariable
    
    xxxxx     xxxxxxxxxxxxx
    Assuming we write the memory with the above "99999" integer passed, it will now look like this:

    Code:
    num2Str  anotherVariable
    
    99999     0xxxxxxxxxxxx
    As you can see, the highest byte of "anotherVariable" gets overwritten with the null terminator ( 0 ).

    That's essentially what static memory buffer overflows are.
    Stack based buffer overflows occur when the same thing above happens, but on the stack.

    This can be used to redirect your RIP/EIP register to perform code execution that shouldn't normally happen.

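Added example, not part of the original posts: the one-byte overflow from post #3 replayed without undefined behaviour, next to a bounded version of `myFunc`. The `layout` struct and the functions `bytes_needed`, `neighbour_clobbered` and `num_to_str` are names made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout mirroring the post's diagram: a 5-byte buffer
   immediately followed by a neighbouring variable (char arrays, so no padding). */
struct layout {
    char num2Str[5];
    char anotherVariable[13];
};

/* Bytes "%i" needs for myNum, terminator included. */
int bytes_needed(int myNum)
{
    return snprintf(NULL, 0, "%i", myNum) + 1;
}

/* Replays the post's write in a well-defined way: the destination is the
   whole 18-byte struct, so a 6th byte lands in anotherVariable[0] without
   leaving the object. Returns 1 if the neighbour's first byte changed. */
int neighbour_clobbered(int myNum)
{
    struct layout m;
    memset(&m, 'x', sizeof m);
    snprintf((char *)&m, sizeof m, "%i", myNum);
    return m.anotherVariable[0] != 'x';
}

/* Bounded counterpart of myFunc: the caller supplies the buffer, and the
   snprintf return value is checked so a truncated number is never used.
   Returns the string length, or -1 if dst is too small. */
int num_to_str(int myNum, char *dst, size_t dstSize)
{
    int need = snprintf(dst, dstSize, "%i", myNum);
    if (need < 0 || (size_t)need >= dstSize) {
        if (dstSize > 0) dst[0] = '\0';
        return -1;
    }
    return need;
}

int main(void)
{
    char out[5];
    printf("99999 needs %d bytes, buffer has %zu\n", bytes_needed(99999), sizeof out);
    printf("neighbour clobbered: %d\n", neighbour_clobbered(99999));
    printf("bounded version returns: %d\n", num_to_str(99999, out, sizeof out));
    return 0;
}
```

Building the original `sprintf` version with `-fsanitize=address` reports the same out-of-bounds write on the global buffer at run time.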

  6. #4
    42trojan42's Avatar
    Quote Originally Posted by Hitokiri~ (post #3, quoted in full)
    Thank you very much! But maybe you should change your font for the next time.

  7. #5
    Frought's Avatar
    Quote Originally Posted by Hitokiri~ (post #3, quoted in full)
    It is the same explanation but you have just added some small extra..

  8. #6
    Hitokiri~'s Avatar
    Quote Originally Posted by Frought View Post
    small extra
    "small".
    Actually, I didn't quite understand your post so I decided to elaborate.
