Avoiding Buffer Overflows
Buffer overflows are a fertile source of bugs and malicious attacks.
They occur when a program attempts to write data past the end of a
buffer. Consider this example:
#include
int main()
{
char buff[15] = {0}; /*zero initialize all elements*/
printf("enter your name: ");
scanf(buff, "%s"); /*dangerous, length unchecked*/
}
The program reads a string from the standard input (the keyboard) but
doesn't check the string's length. If the string has more than 14
characters, then it causes a buffer overflow as scanf() tries to write
the remaining characters past buff's end (remember that one character
is always reserved for a null terminator). The result is most likely a
segmentation fault that crashes the program. In certain conditions, the
users will receive a shell's prompt after the crash. Even if the shell
has restricted privileges, they can examine the values of environment
variables, list the current directory files or detect the network with
the ping command.
A more dangerous situation evolves when the program doesn't crash due
to a buffer overflow though. An expert familiar the system's internals
can craft a string that is just long enough to overwrite the program's
IP (instruction pointer, a pointer to the program's next instruction).
If the last 4 bytes of such a string contain a valid memory address,
then the program's flow can be altered. Instead of executing the next
instruction, the program will execute the code to which the new IP
points. It might call another routine or skip code that performs
security checks. I will not go through the gory details here, but this
isn't an unlikely scenario.
Some famous break-ins are based on exploiting such buffer overflows.
One well-documented example is the Red Hat 4.2 suiperl bug, which
resulted from using the function sprintf() (see
http://www.ryanspc.com/exploits/perl.txt for further information).
What can you do to avert buffer overflows? Always check the bounds of
an array before writing it to a buffer. If this is impossible (e.g.,
when the input is coming from a CGI script), then use functions that
limit the number of input characters. For instance, instead of using
scanf(), use the fgets() function, which reads characters up to a
specified limit:
int main()
{
char buff[15] = {0};
fgets(buff, sizeof(buff), stdin); /*read at most 14 chars*/
}
Additionally, the standard string functions have versions that take an
explicit size limit. Thus, instead of strcpy(), strcmp(), and sprintf
(), use strncpy(), strncmp(), and snprint(), respectively.
Read more about news in ITworld's News section
» posted by ITworld staff
ITworld
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
