Lesson 13

Date: 6/28/2017
Linux Network Security
Linux System Administration

Stack overflow example

  • A buffer overflow is the result of stuffing more data into a buffer than it can handle.
  • In the example, the program has a function with a typical buffer overflow coding error.
  • Dangerous functions for stack overflow (don't check the string boundaries): strcat(), strcpy(), sprintf(), vsprintf(), gets(), scanf().

  • To exploit such flaw, an attacker would need to give a specially crafted encoded input. It can be done localy by using a rootkit or over a network by sending a packet with improperly advertised lengths.
    #include <string.h>
    void function(char *str) {
    char buffer[16];
    int main() {
    char large_string[256];
    int i;
    for( i = 0; i < 255; i++)
    large_string[i] = 'A';

    Take me to the Course Website