Hackers Beware

Sample Buffer Overflow

To illustrate the kind of assumptions that programmers make, which create opportunities for buffer overflow attacks, let’s look at a simple example. First, let’s set up a buffer that can contain 256 characters. Then, because we do not perform proper bounds checking, an attacker inserts 512 characters into the 256-character buffer, which overflows the buffer. This is a very simple example of a denial of service buffer overflow attack. The attacker just puts as much data as possible onto the stack with the hope of crashing the machine. Here is the code for this example:

void func(void) 
     {
          int i; char buffer[256]; 
          for(i=0;i<512;i++) 
               buffer[i]='A'; 
          return; 
}

As you can see, the container can only hold 256 characters, yet ...

Get Hackers Beware now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Hackers Beware by Eric Cole

Sample Buffer Overflow

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly