Buffer Overflows

Now that you have the basics down, we can get to the good stuff.

As described in Chapter 6, buffers are used to store data in memory. We are mostly interested in buffers that hold strings. A C array carries no length information, and the classic string functions (strcpy, strcat, sprintf, gets) never check how large the destination is, so nothing stops you from writing past the end of the reserved space. If you get sloppy as a programmer, you can quickly outgrow the allocated space. For example, the following declares a 10-byte character array on the stack, which can hold at most 9 characters plus the terminating NUL:

char str1[10];

So what happens if you execute the following?

strcpy (str1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");

Let’s find out.

//overflow.c
#include <string.h>

int main(void){
   char str1[10];                         //declare a 10-byte character array (9 chars + NUL)
   //next, copy 35 'A's plus the terminating NUL (36 bytes) into the 10-byte str1
   strcpy (str1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
   return 0;
}

Then ...
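To make the arithmetic of the overflow concrete, here is an added example (not code from the book): the same 10-byte buffer and the same 35-byte input, with the unchecked strcpy beside a bounds-checked copy that refuses input that does not fit. The helper names (overflow_bytes, copy_unchecked, copy_checked) and the LONG_INPUT constant are hypothetical, written for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not the book's code. Buffer size and input are the ones
   from the text; the helpers below are hypothetical illustrations. */

#define BUF_SIZE 10
/* 35 'A's, as in overflow.c above (constructed input). */
static const char *const LONG_INPUT = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* How many bytes strcpy(dst, src) would write past a dst of dst_size
   bytes: strlen(src) + 1 (the terminating NUL) minus the space available.
   Returns 0 when the copy fits. */
size_t overflow_bytes(const char *src, size_t dst_size)
{
    size_t needed = strlen(src) + 1;
    return needed > dst_size ? needed - dst_size : 0;
}

/* The pattern from overflow.c: strcpy has no idea how large dst is. With
   the 35-byte input this writes 26 bytes past the end of a 10-byte buffer
   (undefined behaviour; on a real stack it clobbers whatever follows). */
void copy_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: refuse (rather than silently truncate) anything that does
   not fit including its NUL. Returns 0 on success, -1 when the input is too
   long; dst is left as an empty string in that case so the caller never
   sees an unterminated or partial value. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return -1;
    if (overflow_bytes(src, dst_size) != 0) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, strlen(src) + 1);
    return 0;
}

int main(void)
{
    char str1[BUF_SIZE];

    printf("%zu bytes would spill past str1\n",
           overflow_bytes(LONG_INPUT, sizeof str1));

    if (copy_checked(str1, sizeof str1, LONG_INPUT) != 0)
        printf("copy_checked rejected the %zu-byte input\n", strlen(LONG_INPUT));
    if (copy_checked(str1, sizeof str1, "AAAAAAAAA") == 0)
        printf("copy_checked accepted \"%s\"\n", str1);

    /* Build with -fsanitize=address and uncomment the next line to watch
       the overflow get caught at the first byte past the end of str1. */
    /* copy_unchecked(str1, LONG_INPUT); */
    return 0;
}
```

The check counts the NUL: a 10-character input is already one byte too long for a 10-byte buffer, which is exactly the off-by-one that strncpy-style "fixes" tend to get wrong. Rejecting rather than truncating keeps the caller from continuing with a silently mangled value.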
