Buffer overflow


Transcript of Buffer overflow

Page 1: Buffer overflow

Buffer Overflow

Page 2: Buffer overflow

Prepared by: Qusai Nsour

BAU - Computer Science Master 2015

Page 3: Buffer overflow

What is a Data buffer?

• In computer science, a data buffer (or just buffer) is a region of a physical memory storage used to temporarily store data while it is being moved from one place to another.

• https://en.wikipedia.org/wiki/Data_buffer#Buffer_versus_cache

Page 4: Buffer overflow

What is a Data buffer?- cont.

• The RP (resource pool) divides its processor memory into pools. Each pool contains a number of memory blocks of equal size. These memory blocks are called buffers.

• http://www.cisco.com/c/en/us/support/docs/interfaces-modules/channel-interface-processors/14620-41.html

Page 5: Buffer overflow

Why Buffers?

• Like a cache, a buffer is a "midpoint holding place" but exists not so much to accelerate the speed of an activity as to support the coordination of separate activities.

• http://whatis.techtarget.com/definition/buffer

Page 6: Buffer overflow

Bounded Buffers

• To minimize the amount of waiting time for threads that share resources and operate at the same average speeds, we can implement a bounded buffer that provides a fixed number of buffer cells into which the Producer can place values, and from which the Consumer can retrieve those values.

• Java™ How to Program, Seventh Edition By H. M. Deitel - Deitel & Associates, Inc., P. J.

Page 7: Buffer overflow

Buffer failure

• Buffer Pools

There are six buffer pools:

1. Small—104 byte buffers
2. Middle—600 byte buffers
3. Big—1524 byte buffers
4. VeryBig—4520 byte buffers
5. Large—5024 byte buffers
6. Huge—18024 byte buffers

Page 8: Buffer overflow

Buffer failure – cont.

• For example, if an interface processor needs to pass a 20 byte packet to the RP, it “asks” for a Small buffer. If an interface processor needs to pass a 500 byte packet to the RP, it asks for a Middle buffer, and so forth.

• Note: The interface processor must ask for a buffer of a certain size.

• When the interface processor asks for a buffer, this occurs:

Page 9: Buffer overflow

Buffer failure – cont.

• If a free buffer exists within the requested pool, the buffer is granted. Otherwise, the request generates a “miss” and the buffer algorithm tries to “create” more buffers for that pool.

Page 10: Buffer overflow

Buffer failure – cont.

• When IOS fails to get a Small buffer, it does not drop the packet. It increments the failed counter and falls through to the next level buffer, which is the Middle buffer and requests a buffer there. If it fails to get a Middle buffer, it requests the next level buffer, which is a Big buffer. This process continues until it hits the Huge buffer pool. If it fails to get a Huge buffer, then it drops the packet.
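The fall-through described on this slide, as an added example that is not part of the original slides or of IOS: a small C model using the six pool sizes listed earlier. The free-buffer counts, packet sizes and the name `get_buffer` are constructed for illustration, and buffer creation after a miss is not modelled.

```c
#include <stdio.h>
#include <stddef.h>

#define NPOOLS 6

struct pool {
    const char *name;
    size_t size;        /* bytes per buffer (from the slide) */
    unsigned free;      /* free buffers (constructed sample value) */
    unsigned failures;  /* the "failed" counter */
};

/* Constructed state: only Middle and Huge have one free buffer each. */
static struct pool demo[NPOOLS] = {
    {"Small", 104, 0, 0},   {"Middle", 600, 1, 0},
    {"Big", 1524, 0, 0},    {"VeryBig", 4520, 0, 0},
    {"Large", 5024, 0, 0},  {"Huge", 18024, 1, 0},
};

/* Returns the index of the pool that granted a buffer, or -1 when the
 * packet is dropped. Creating new buffers after a miss is not modelled. */
int get_buffer(struct pool *p, size_t pkt_len)
{
    int i = 0;
    while (i < NPOOLS && p[i].size < pkt_len)   /* smallest pool that fits */
        i++;
    for (; i < NPOOLS; i++) {
        if (p[i].free > 0) {
            p[i].free--;
            return i;
        }
        p[i].failures++;                        /* fall through one level */
    }
    return -1;              /* Huge failed too, or packet exceeds 18024 bytes */
}

int main(void)
{
    size_t pkts[] = {20, 500, 20};              /* constructed packet sizes */
    for (size_t k = 0; k < sizeof pkts / sizeof pkts[0]; k++) {
        int got = get_buffer(demo, pkts[k]);
        printf("%zu-byte packet: %s\n", pkts[k],
               got < 0 ? "dropped" : demo[got].name);
    }
    for (int i = 0; i < NPOOLS; i++)
        printf("%-8s failures=%u\n", demo[i].name, demo[i].failures);
    return 0;
}
```

The third packet is dropped only after every pool from Small to Huge has recorded a failure, which is why rising failure counters across all pools precede packet loss.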

Page 11: Buffer overflow

Buffer failure – cont.

• When you use the IBM feature set, a miss almost always generates a failure.

• Although the IBM features may be process-switched, the code to get a buffer to pass a packet from an interface to the RP executes at interrupt level.

Page 12: Buffer overflow

Buffer failure – cont.

• Buffers cannot be created at interrupt level; consequently, a miss queues its request for more buffers to the RP.

• Because an additional buffer cannot be created on the spot, the buffer request fails, and the packet is dropped.

Page 13: Buffer overflow

Buffer failure – cont.

• Buffer failures are one of the most common reasons for packet drops. When packet drops occur because of buffer failure, this occurs:

• After a buffer failure, the RP has an outstanding request to create more buffers of the appropriate size for the particular pool.

• While the RP is servicing the create buffers request, there may be additional failures in the pool.

• The RP may even fail to create more buffers, because of memory constraints in the system when the extra buffers are required.

Page 14: Buffer overflow

Buffer failure – cont.

• Essentially, the create buffers operation could take several microseconds, in which packets are continually dropped because of the buffer shortage.

• In addition, if buffers are used as quickly as they are created, the RP could be forced to spend more time on buffer creation than on packet processing.

• This may cause the RP to begin to drop packets so quickly that performance degrades and sessions are lost.

• http://tools.cisco.com/search/results/en/us/get#q=buffer+overflow

Page 15: Buffer overflow
Page 16: Buffer overflow

How buffer overflow happens?

Page 17: Buffer overflow

How buffer overflow happens? –cont.

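• This is a demo in C++:

    #include <stdio.h>

    int main()
    {
        char str[20];   /* fixed-size buffer of 20 bytes */
        gets(str);      /* reads a whole line with no length limit */
        puts(str);      /* prints what was read */
        return (0);
    }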

Page 18: Buffer overflow

How buffer overflow happens? –cont.

• The string read from the user is stored in a buffer predefined to be 20 characters in length

• The program will print what the user sends, using “puts”

Page 19: Buffer overflow

How buffer overflow happens? –cont.

• Run the program using cmd

Page 20: Buffer overflow

How buffer overflow happens? –cont.

• Type anything; say, Mohammad for example

• The program will print “mohammad”

Page 21: Buffer overflow

How buffer overflow happens? –cont.

• Try typing something that is more than 20 characters long.

• You will receive the warning window as shown at left

Page 22: Buffer overflow

How buffer overflow happens? –cont.

• Expand the warning window and check the exception offset to see the error

• https://www.youtube.com/watch?v=EekP8tuAuQw
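The bounded counterpart of the demo above, as an added example that is not part of the original slides: `fgets` replaces `gets` so that input longer than the 20-byte buffer is cut off and reported instead of being written past the end of `str`. The names `read_line` and `read_from_string` and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

static char str[20];            /* same size as the slide's buffer */

/* Bounded replacement for gets(): stores at most cap-1 characters plus the
 * terminating NUL, and reports when the input line did not fit. */
int read_line(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return LINE_EOF;                /* no room, end of input, or error */
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';              /* whole line fit; drop the newline */
        return LINE_OK;
    }
    /* No newline stored: discard the rest of the line so the excess
     * neither lands in memory nor is mistaken for the next input. */
    int c, extra = 0;
    while ((c = getc(in)) != '\n' && c != EOF)
        extra = 1;
    return extra ? LINE_TRUNCATED : LINE_OK;
}

/* Hypothetical helper: feeds a constructed string to read_line() via a temp file. */
int read_from_string(const char *input, char *buf, size_t cap)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return LINE_EOF;
    fputs(input, f);
    rewind(f);
    int rc = read_line(f, buf, cap);
    fclose(f);
    return rc;
}

int main(void)
{
    int rc = read_from_string("Mohammad\n", str, sizeof str);
    printf("rc=%d \"%s\"\n", rc, str);
    rc = read_from_string("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", str, sizeof str);
    printf("rc=%d \"%s\" (%zu chars kept)\n", rc, str, strlen(str));
    return 0;
}
```

In a real program the call would be `read_line(stdin, str, sizeof str)`; a `LINE_TRUNCATED` result is the point at which to reject the input or ask for it again.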

Page 23: Buffer overflow

What is a buffer overflow and how does it work?

• A buffer is a temporary area for data storage. When more data than was originally allocated to be stored in a buffer gets placed there by a program or system process, the extra data will overflow, hence the name, causing some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding.

Page 24: Buffer overflow

What is a buffer overflow and how does it work?- cont.

• In a buffer-overflow attack, the extra data sometimes holds specific instructions for actions intended by a hacker or malicious user; for example, the data could trigger a response that damages files, changes data or unveils private information.

Page 25: Buffer overflow

What are buffer overflow types?

• Heap-based buffer overflows, which are difficult to execute and the less common of the two, attack an application by flooding the memory space reserved for a program.

• Stack-based buffer overflows, which are more common among hackers, exploit applications and programs by using what is known as a stack: memory space used to store user input.

Page 26: Buffer overflow

How to stop a buffer overflow from attacking applications

• 1. Avoid using library files: Library files, which are used in programming language and are inherently insecure, are a target for hackers during application attacks. Any weakness found by a hacker in a library file will also exist in all applications that use that library file, giving hackers a glaring target for a potential attack.

Page 27: Buffer overflow

How to stop a buffer overflow from attacking applications – cont.

• 2. Filter user input: Filter out possibly dangerous HTML code and characters that could cause database problems. For example, in ASP code, the apostrophe, quotation mark and ampersand symbols are all reserved symbols. These reserved symbols can't be included within a user's input or they will cause the application to crash. Filter them out and replace them with something else to avoid complications and problems.

Page 28: Buffer overflow

How to stop a buffer overflow from attacking applications – cont.

• 3. Test applications: Be sure to test all applications prior to deployment; trying to break into every application to ensure secure coding. If the application breaks, it will be clear that there is a problem that needs to be fixed before a hacker is able to exploit it.

• http://searchsecurity.techtarget.com/tip/How-to-stop-buffer-overflow-attacks-and-find-flaws-vulnerabilities