Harry Hochheiser, hhochheiser@towson.edu
// buffer overflow demo
#include <iostream>
using namespace std;

int main() {
    int importantData = 1;   // a variable that lives next to the buffer on the stack
    int buffer[10];          // ten ints: the valid indices are 0 to 9
    cout << "importantData = " << importantData << endl;
    cout << "buffer overflow " << endl;
    // ?? is the loop bound you are asked to choose below. A bound larger than 10
    // writes past the end of buffer into whatever the compiler placed beside it
    // (where that write lands depends on the compiler's stack layout).
    for (int i = 0; i < ??; i++)
        buffer[i] = 7;
    cout << "importantData = " << importantData << endl;
    return 0;
}
- Type in the above program. What value should replace the ?? Compile and run with this value.
- Replace the ?? with 20 this time. What happens? Why?
The following security checklist is a tool used to find potential security vulnerabilities in your programs. Read the checklist, apply it (as best you can) to the problem given above, and answer these questions:
- Describe the buffer overflow problem.
- Give three real-life examples of buffer overflow attacks (research on the web, and indicate your sources).
- What can result from a buffer overflow?
- List three ways you could potentially overflow a buffer in your program.
- How could you prevent a buffer overflow from occurring in your program?
Some of the elements in the checklist may refer to material that we have not seen this semester. If so, please disregard them.
Please submit the program with appropriate marking (in color or an alternate font) and your answers to these questions.
Security checklist

Vulnerability | Buffer Overflow
Description | A buffer overflow occurs when data is written beyond the boundaries of a fixed-length buffer, overwriting adjacent memory locations, which may include other buffers, variables and program flow data (such as a function's saved return address).
Risk | Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code. WARNING: historically, a large share of reported security vulnerabilities have been buffer overflows!
Real World Example | The earliest known exploitation of a buffer overflow was the Morris worm in 1988. In 2001, the Code Red worm exploited a buffer overflow in Microsoft's Internet Information Services, and in 2003 the SQL Slammer worm compromised machines running Microsoft SQL Server 2000.

Task: Check your code | Yes | No | Unsure
1. Check each array assignment that could result in an overflow (index >= ARR_SIZE). EX: arr[ARR_SIZE] = 0; // one past the last valid element | | |
2. Check loop boundaries that reach ARR_SIZE. EX: for (i = 0; i <= ARR_SIZE; i++) array[i] = x; // off-by-one! | | |
3. Check all indices that come from input. EX: cin >> i; array[i] = x; // i is never range-checked (it may also be negative) | | |
4. Are all string functions kept within range? (Hint: do not use gets, strcpy or sprintf; use a length-limited form such as fgets or snprintf, or std::string.) | | |
5. Are arrays stored next to pointers or other control data? (Hint: a function's saved return address is a pointer that sits on the stack beside its local arrays.) | | |
(Shaded rows in the original table indicate a high security risk.)
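The following program is an added example, not part of the original assignment, that puts checklist items 1 to 4 side by side in working code: an unchecked strcpy and an unchecked input index, each next to a bounds-checked replacement. The Account record, its field names and the sample inputs are assumptions chosen for illustration; the adjacent isAdmin field plays the role that importantData plays in the demo program above.

```cpp
// Added example (not the assignment's own code): checklist items 1 to 4,
// vulnerable form beside bounds-checked form. Record layout, names and
// inputs are assumptions chosen for illustration.
#include <cstddef>
#include <cstring>
#include <iostream>

// A record whose second field sits right after a fixed-length buffer,
// just as importantData sits beside buffer[] in the demo program.
struct Account {
    char name[8];   // fixed-length buffer: room for 7 characters plus NUL
    int  isAdmin;   // adjacent variable that an overflow can overwrite
};

// VULNERABLE (checklist item 4): strcpy copies until it finds the NUL byte,
// so a name of 8 or more characters runs past name[] into isAdmin. Calling
// this with such a name is undefined behaviour; it is here only to contrast.
void setNameUnsafe(Account& a, const char* input) {
    std::strcpy(a.name, input);
}

// SAFE: compare the input length with the buffer size before copying.
// Returns false and leaves the record untouched when the input does not fit.
bool setNameSafe(Account& a, const char* input) {
    const std::size_t cap = sizeof a.name;              // 8 bytes
    const std::size_t len = std::strlen(input);
    if (len >= cap) return false;                       // need len + 1 <= cap
    std::memcpy(a.name, input, len + 1);                // copy including NUL
    return true;
}

// VULNERABLE (checklist item 3): an index taken from input, used as-is.
void storeUnsafe(int* buf, long idx, int value) {
    buf[idx] = value;                                   // no range check
}

// SAFE (items 1 and 3): reject negative indices and indices >= size.
bool storeSafe(int* buf, std::size_t size, long idx, int value) {
    if (idx < 0 || static_cast<std::size_t>(idx) >= size) return false;
    buf[idx] = value;
    return true;
}

// SAFE loop bound (item 2): i < size, never i <= size.
void fillSafe(int* buf, std::size_t size, int value) {
    for (std::size_t i = 0; i < size; ++i) buf[i] = value;
}

int main() {
    Account acct{};                                     // name "", isAdmin 0
    std::cout << "setNameSafe(\"bob\") = " << setNameSafe(acct, "bob")
              << ", isAdmin = " << acct.isAdmin << '\n';            // 1, 0
    std::cout << "setNameSafe(\"administrator\") = "
              << setNameSafe(acct, "administrator")
              << ", isAdmin = " << acct.isAdmin << '\n';            // 0, 0

    // The unsafe copy with a 9-character name writes its last byte and the NUL
    // into isAdmin. What you see depends on the compiler's layout, and builds
    // with _FORTIFY_SOURCE abort here instead of continuing.
    Account victim{};
    setNameUnsafe(victim, "superuser");
    std::cout << "after setNameUnsafe: isAdmin = " << victim.isAdmin << '\n';

    int buffer[10];
    fillSafe(buffer, 10, 7);
    std::cout << "storeSafe(idx=20) = " << storeSafe(buffer, 10, 20, 7) << '\n'; // 0
    std::cout << "storeSafe(idx=-1) = " << storeSafe(buffer, 10, -1, 7) << '\n'; // 0
    std::cout << "storeSafe(idx=9)  = " << storeSafe(buffer, 10, 9, 7) << '\n';  // 1
    return 0;
}
```

The safe functions return a bool instead of silently truncating, so the caller can refuse the input rather than store a mangled name; compare that with setNameUnsafe, which gives no signal at all that isAdmin has been clobbered.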