15: Stack Buffer Overflow


    A stack buffer overflow(For more information, refer to: http://en.Wikipedia.org/wiki/Stack_buffer_overflow) can occur when a program overflows a stack-based dynamic variable (as described in Chapter 12.9, Stack-Based Local Variables). For example, if a program allocates and uses a stack-based local array holding 50 elements and more than 50 elements are stored in the array, an overflow occurs. Such overflows are generally bad and typically cause program bugs and possibly even crash the program. The stack will contain other important information such as other variables, preserved registers, frame pointer, return address, and/or stack-based parameters. If such data is overwritten, it will likely cause problems which can be very difficult to debug since the symptom will likely be unrelated to where the problem actually occurs.
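The following C program is an added example, not code from the original chapter, illustrating the 50-element case described above. `sum_unchecked` shows the defect pattern: the element count comes from the caller and is never compared against the capacity of the stack-based local array, so a count above 50 writes past the array into whatever the frame holds next (saved registers, frame pointer, return address). `sum_checked` is the corrected form, which rejects an oversized count before any store. The function names, the `int32_t` element type, and the 60-element sample input are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Capacity of the stack-based local array, matching the 50-element example in the text. */
#define ARRAY_LEN 50

/*
 * Defect pattern: 'count' is taken from the caller and never checked against
 * ARRAY_LEN, so a count above 50 stores past the end of 'values' and into the
 * rest of the call frame. The bug is invisible while count <= ARRAY_LEN, which
 * is why such overflows are hard to find. Calling this with count > ARRAY_LEN
 * is undefined behaviour; the driver below only passes an in-bounds count.
 */
static long sum_unchecked(const int32_t *src, size_t count)
{
    int32_t values[ARRAY_LEN];
    long total = 0;

    for (size_t i = 0; i < count; i++)   /* no bound on count */
        values[i] = src[i];
    for (size_t i = 0; i < count; i++)
        total += values[i];
    return total;
}

/*
 * Corrected form: the element count is compared against the array capacity
 * before any store, so the frame can never be written past 'values'.
 * Returns 0 and sets *out on success, -1 on a NULL argument or an oversized count.
 */
static int sum_checked(const int32_t *src, size_t count, long *out)
{
    int32_t values[ARRAY_LEN];
    long total = 0;

    if (src == NULL || out == NULL)
        return -1;
    if (count > ARRAY_LEN)                /* the bounds check the unchecked version lacks */
        return -1;

    memcpy(values, src, count * sizeof values[0]);  /* copy size derived from the checked count */
    for (size_t i = 0; i < count; i++)
        total += values[i];
    *out = total;
    return 0;
}

/* Constructed sample input: 60 elements, more than the 50-element array can hold. */
#define SAMPLE_LEN 60
static int32_t sample_input[SAMPLE_LEN];

static void init_sample(void)
{
    for (int i = 0; i < SAMPLE_LEN; i++)
        sample_input[i] = i + 1;          /* 1, 2, ..., 60 */
}

int main(void)
{
    long total = 0;
    init_sample();

    /* In-bounds input: both versions agree, so the defect does not show. */
    printf("unchecked, 10 elements: sum = %ld\n", sum_unchecked(sample_input, 10));

    if (sum_checked(sample_input, ARRAY_LEN, &total) == 0)
        printf("checked, 50 elements accepted: sum = %ld\n", total);

    /* Oversized input: the checked version refuses it instead of overflowing. */
    if (sum_checked(sample_input, SAMPLE_LEN, &total) != 0)
        printf("checked, 60 elements rejected: would overflow a %d-element array\n", ARRAY_LEN);

    return 0;
}
```

When the count is derived from untrusted input, the comparison against `ARRAY_LEN` is the control that matters; compiler mitigations such as GCC's `-fstack-protector` can detect a corrupted frame after the fact, but only the explicit check prevents the stores from happening.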

    If a stack buffer overflow is caused deliberately as part of an attack, it is referred to as stack smashing. Due to the standard calling convention, the layout of the stack-based call frame or activation record is fairly predictable. Such a stack buffer overflow can be used by a malicious individual to inject executable code into the currently running program to perform some inappropriate actions. Under the right circumstances, such code injection could allow a black-hat (For more information, refer to: http://en.Wikipedia.org/wiki/Black_hat) hacker to perform unwanted actions, potentially taking over the system.

    This chapter describes how a stack buffer overflow occurs and how it can be exploited. This is presented in order to allow developers to clearly understand the problem and thus learn how to protect themselves against such vulnerabilities. The reader must be familiar with the details of the standard calling convention as outlined in Chapter 12, Functions.

    It should be noted that the stack buffer overflow problem exists in high-level languages. Working in assembly language makes it easier to see and understand the details clearly.


    This page titled 15: Stack Buffer Overflow is shared under a CC BY-NC-SA license and was authored, remixed, and/or curated by Ed Jorgensen.
