Buffer Overflow Causes. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Buffer Overflow Causes Author: Jedidiah.


Buffer Overflow Causes
Author: Jedidiah R. Crandall
This document was funded by the National Science Foundation Federal Cyber Service Scholarship For Service Program: Grant No
Distributed July 2002
Embry-Riddle Aeronautical University, Prescott, Arizona, USA

Causes of Buffer Overflows

This section explains some of the causes of buffer overflows and types of buffer overflow attacks in a not-too-technical manner. The intention is to give the reader an appreciation for the complexity of the problem.

Types of buffer overflow attacks

Stack smashing or heap-based attacks: The attacker can hijack execution of the program, and if the program was running with elevated privileges, the attacker now has those privileges. This is the way many worms spread: by tricking a network server into running a program the attacker wrote.

Data corruption: An attacker can change their privileges or other security-related data by overwriting it in memory.

Program crash: A program crash can lead to denial of service because the service that program was providing will not be there until the program is restarted. Sometimes a program crash causes a "core dump", where the entire memory of the program (possibly including security-sensitive data) is written out to a file the attacker may be able to read.

What can cause buffer overflows?

Careless use of buffers without bounds checking.
Formatting and logical errors.
Unsafe library function calls.
Off-by-one errors.
Old code used for new purposes (like UNICODE international characters).
All sorts of other far-fetched but deadly-serious things you should think about.

Careless use of buffers without bounds checking

This is the classical cause of a buffer overflow. It is a blatant programmer error analogous to trying to pour five gallons of water into a four-gallon bucket. It can lead to the program being hijacked, data being corrupted, or the program crashing.

Formatting and logical errors

Sometimes it's not the size of the input but the value of the input that causes a buffer to overflow. The input might be an integer that you want to convert to an ASCII string. The buffer needs to be big enough to hold all of the digits of the biggest integer someone could enter. Otherwise the program might be vulnerable to program crashes or data corruption.
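An added example, not part of the original presentation: converting an integer to text with a buffer sized for the worst-case value rather than the typical one. The names format_int, bytes_needed and INT_DEC_BUFSZ are hypothetical, and the sample values are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Worst case for a decimal int: three bits encode less than one decimal
   digit, so bits/3 + 1 digits always suffice; add a minus sign and the NUL. */
#define INT_DEC_BUFSZ (sizeof(int) * CHAR_BIT / 3 + 3)

/* Hypothetical helper: format value into dst (dstsz bytes).
   Returns 0 on success, -1 if the digits would not fit. On failure dst is
   left as an empty string so a truncated number is never used. */
int format_int(char *dst, size_t dstsz, int value)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    int n = snprintf(dst, dstsz, "%d", value);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Bytes (including the NUL) that a particular value needs as text. */
size_t bytes_needed(int value)
{
    int n = snprintf(NULL, 0, "%d", value);
    return n < 0 ? 0 : (size_t)n + 1;
}

int main(void)
{
    char id[6];                /* sized for "up to five digits" */
    char any[INT_DEC_BUFSZ];   /* sized for every possible int */
    int samples[] = { 99999, 100000, -12345, INT_MIN };   /* constructed inputs */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = samples[i];
        int small = format_int(id, sizeof id, v);
        int large = format_int(any, sizeof any, v);
        printf("%d needs %zu bytes: id[6] %s, any[%zu] %s (\"%s\")\n",
               v, bytes_needed(v), small == 0 ? "ok" : "rejected",
               sizeof any, large == 0 ? "ok" : "rejected", any);
    }
    return 0;
}
```

The six-byte buffer is adequate for every five-digit value and fails only when the value grows by one digit or turns negative, which is why the input's length alone is not a sufficient check.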

Unsafe library function calls

A library is a collection of useful subroutines that a programmer can use in their program. The standard C library, which every C compiler has, contains subroutines that can cause buffer overflows if not used properly. Programmers have to learn to use the library subroutines properly. Unsafe library function calls are responsible for many vulnerabilities of all types.

Off-by-one errors

In C, if you create a buffer that will hold 100 bytes then it will only hold 99 ASCII characters (not counting the NULL character at the end), the 99th character being indexed with the number 98. This can lead to a lot of confusion even for seasoned C programmers who do bounds checking. It can lead to a small amount of data corruption or even a program crash.
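An added example, not part of the original presentation: a bounds check that is wrong by one beside the corrected form, run against the 100-byte buffer described above. The function names and the canary byte are hypothetical; the backing array is 101 bytes so the stray write lands on the canary and nowhere else.

```c
#include <stdio.h>
#include <string.h>

#define BUFSZ  100     /* the 100-byte buffer from the slide */
#define CANARY 0x7e    /* marker in the byte just past the buffer */

/* Flawed check: accepts len == bufsz, so the NUL is written to buf[bufsz]. */
int copy_off_by_one(char *buf, size_t bufsz, const char *src)
{
    size_t len = strlen(src);
    if (len <= bufsz) {              /* BUG: should be len < bufsz */
        memcpy(buf, src, len);
        buf[len] = '\0';
        return 0;
    }
    return -1;
}

/* Corrected check: the terminator needs a byte, so bufsz - 1 characters fit. */
int copy_checked(char *buf, size_t bufsz, const char *src)
{
    size_t len = strlen(src);
    if (len >= bufsz)
        return -1;
    memcpy(buf, src, len + 1);       /* + 1 copies the NUL as well */
    return 0;
}

/* Harness: feeds n 'A' characters (constructed input) to copy().
   Returns 0 = rejected, 1 = stored, 2 = stored and canary overwritten. */
int try_copy(int (*copy)(char *, size_t, const char *), size_t n)
{
    char input[BUFSZ + 2] = {0};
    char mem[BUFSZ + 1];             /* buffer bytes 0..99, canary at 100 */

    if (n > BUFSZ + 1)
        n = BUFSZ + 1;
    memset(input, 'A', n);
    mem[BUFSZ] = CANARY;
    if (copy(mem, BUFSZ, input) != 0)
        return 0;
    return mem[BUFSZ] == CANARY ? 1 : 2;
}

int main(void)
{
    printf("flawed,  99 chars: %d\n", try_copy(copy_off_by_one, 99));
    printf("flawed, 100 chars: %d\n", try_copy(copy_off_by_one, 100));
    printf("fixed,  100 chars: %d\n", try_copy(copy_checked, 100));
    return 0;
}
```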

Old code used for new purposes

Programmers often reuse code that someone else wrote a long time ago. If you write a program that limits a user's input to 100 characters and then puts them into the old code's 101-byte buffer, you can still get a buffer overflow. How? When the old code was written, the programmer assumed the use of ASCII, where 1 character fills 1 byte. Your new code uses UNICODE (which supports international character sets), where 1 character fills two bytes. This was the cause of Code Red.
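An added example, not part of the original presentation: the same 100-character limit checked in characters and then in bytes against a 101-byte legacy buffer. It assumes two-byte code units stored as uint16_t; all function names are hypothetical and the input text is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LEGACY_BUFSZ 101   /* old code: 100 ASCII characters + NUL */
#define MAX_CHARS    100   /* new code's input limit, counted in characters */

/* Number of 16-bit code units before the terminator. */
size_t utf16_len(const uint16_t *s)
{
    size_t n = 0;
    while (s[n] != 0)
        n++;
    return n;
}

/* Flawed gate: counts characters, which equalled bytes only for ASCII. */
int accept_by_chars(const uint16_t *s)
{
    return utf16_len(s) <= MAX_CHARS;
}

/* Corrected store: sizes the copy in bytes, terminator included. */
int store_by_bytes(unsigned char *legacy, size_t legacy_sz, const uint16_t *s)
{
    size_t n = utf16_len(s);
    if (n >= legacy_sz / sizeof *s)   /* n + 1 units must fit; cannot overflow */
        return -1;
    memcpy(legacy, s, (n + 1) * sizeof *s);
    return 0;
}

/* Harness: n copies of U+0041 (constructed input). Returns a bitmask:
   1 = character check accepts, 2 = byte-sized store accepts. */
int try_text(size_t n)
{
    uint16_t text[MAX_CHARS + 2] = {0};
    unsigned char legacy[LEGACY_BUFSZ];

    if (n > MAX_CHARS + 1)
        n = MAX_CHARS + 1;
    for (size_t i = 0; i < n; i++)
        text[i] = 0x0041;
    return (accept_by_chars(text) ? 1 : 0)
         | (store_by_bytes(legacy, sizeof legacy, text) == 0 ? 2 : 0);
}

int main(void)
{
    printf("100 chars (202 bytes): mask %d\n", try_text(100));
    printf(" 50 chars (102 bytes): mask %d\n", try_text(50));
    printf(" 49 chars (100 bytes): mask %d\n", try_text(49));
    return 0;
}
```

A mask of 1 marks the dangerous case: input the character check lets through that does not fit the legacy buffer once measured in bytes.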

All sorts of other far-fetched but deadly-serious things you should think about

User input is not always what causes buffer overflows; they may be caused through things like environment variables or race conditions. You don't have to know all about environment variables or race conditions, but if you're managing a software project then your programmers should.

About this Project

This presentation is part of a larger package of materials on buffer overflow vulnerabilities, defenses, and software practices. For more information, go to:

Also available are:
Demonstrations of how buffer overflows occur (Java applets)
PowerPoint lecture-style presentations on an introduction to buffer overflows, preventing buffer overflows (for C programmers), and a case study of Code Red
Checklists and Points to Remember for C Programmers
An interactive module and quiz set with alternative paths for journalists/analysts and IT managers as well as programmers and testers
A scavenger hunt on implications of the buffer overflow vulnerability

Please complete a feedback form at to tell us how you used this material and to offer suggestions for improvements.