Discuss how a stack buffer overflow attack is implemented.
In a buffer overflow attack, the attacker takes advantage of a program that is waiting on a user's input. In a stack-based buffer overflow, the attacker stores more data in a stack buffer than it can hold, causing it to overflow.
Below is an example of C code that is vulnerable to a stack buffer overflow:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    // Reserve 5 bytes of buffer, terminating NUL included.
    // The compiler should allocate 8 bytes = 2 double words,
    // so to overflow, more than 8 bytes are needed...
    char buffer[5]; // If more than 8 characters are input
                    // by the user, there will be an access
                    // violation / segmentation fault

    // Print a prompt on how to execute the program...
    if (argc < 2)
    {
        printf("strcpy() NOT executed....\n");
        printf("Syntax: %s <characters>\n", argv[0]);
        exit(0);
    }

    // Copy the user input to buffer without any
    // bounds checking; a secure version is strcpy_s()
    strcpy(buffer, argv[1]);
    printf("buffer content= %s\n", buffer);
    printf("strcpy() executed...\n");
    return 0;
}
OUTPUT:
Input: 12345678 (8 bytes): the program runs smoothly.
Input: 123456789 (9 bytes): a "Segmentation fault" message is displayed and the program terminates.