Download
1 / 8
80 likes | 177 Vues
CS4236 Tutorial 5 Question 1. Chuan Huey Ling. Question. I Disagree. Why? (Background). Previously discussed stack smashing attack. (taken from the article on buffer overflow from cs4236 website). What if?. The stack and the string buffer grow upwards.
E N D
CS4236 Tutorial 5 Question 1 Chuan Huey Ling
Question I Disagree.
Why? (Background) • Previously discussed stack smashing attack.(taken from the article on buffer overflow from cs4236 website)
What if? • The stack and the string buffer grow upwards. • Unable to apply the stack smashing attack because the return address is below. (Only true for the case below where there is only 1 stack frame)
What if? • Function calls an unsafe function that takes in a pointer to the caller’s buffer. • Eg. foo(){ char buf[20]; otherFunction(buf); } otherFunction(char *b) { gets(b); //some unsafe function over here }
What will happen? Recall that otherFunction is using a pointer to the local variables in the foo function so it is able to write data into the buffer. Stack frame of otherFunction Stack frame of foo
What will happen? Stack frame of otherFunction Stack Smashing on the return address of otherFunction Stack frame of foo Therefore, otherFunction’s return address is overwritten
Conclusion • Stack that grows upwards is still vulnerable to stack smashing attacks. • Some unsafe functions are gets(), strcpy() and sprintf(). • These types are function are potentially vulnerable no matter whether the stack grows up or down. void foo(char *s) { char buf[10]; strcpy(buf, s); //unsafe functions }
