What is buffer overflow?

15

Whenever I use the gets() function the compiler returns me the following warning:

  

function is dangerous and should not be used

Translation:

  

This function is dangerous and should not be used

I hear a lot about the fact that it is dangerous and that in its place the fgets() function should be used to avoid buffer overflow .

After all, what would the buffer overflow be and what kind of danger would it pose to my software? And what makes the gets() function vulnerable to buffer overflow ? Are there any other functions that are vulnerable to buffer overflow ?

    
asked by anonymous 27.02.2016 / 23:49

4 answers

15

If used once, saw the warning and continued using, you are making a mistake.

Buffer overflow

The gets() function receives a variable that functions as a buffer . That is, a variable is created and passed to the function that will put a value on it. When the variable is created, it has a specific size. This function has no measure to ensure that the value does not exceed the size of the variable. The C language itself does not have mechanisms that guarantee the limit of the variable.

The buffer overflow occurs when the value obtained (at device read) is greater than the size of the variable. Then the function writes in an area that is reserved for something else. Being able to write where it should not, it allows the execution to be tampered with and the code does something unexpected, opening up security holes.

"Hackers" take advantage of this failure to send data that they know will overwrite memory improperly. Understanding the memory positions that the application will be using in a given situation, it can send a code or modify a data that will execute an undue code that is not part of the expected operation in the application, such as enabling a login even without a correct password.

Solution

The great advantage of the fgets() function and other similar is that one of its parameters says the size of the buffer and the function ensures that it will not exceed this limit, even if the value it receives is larger. This way the data can not interfere with other areas of memory.

Other dangerous functions

Be careful also (follow the "safe" alternative already in the default):

  • strcpy() - > strncpy()
  • strcat() - > strncat()
  • strlen() - > strnlen()
  • strcmp() - > strncmp()
  • strdup() - > strndup()
  • wcscpy() - > wcsncpy()
  • wcslen() - > wcsnlen()
  • sprintf() - > snprintf()

Other things that can be bad in some situations: - scanf() , getwd() , realpath() atoi() , memcpy() , strtok()

Some of these functions have dangerous variations as well. Note that the alternative is not guaranteed to be safe, they just have a slightly better mechanism. They do not replace their correct use and additional checks.

Some are dangerous and prone to buffer only if misused. gets() is really dangerous no matter what the programmer does.

Obviously I will not risk saying this is a complete list.

    
28.02.2016 / 00:11
4

Buffer overflow is when some input data is entered somehow than expected by your program, this causes a memory overflow compromising program execution, this allows you to overwrite the memory that allows you to use addresses to execute arbitrary codes by the OS.

The fgets function, as far as I know, does not have any checks on the length of strings passed to your program, that is, if you set a variable of size 200 and a user / hacker tries to insert 250 values, your program will be popping the buffer of this variable allowing to overwrite the memory of your OS.

In addition to fgets the strcpy can also suffer from the same malfunction, in fact any function that allows data entry without checks.

In some OS's (Linux) the kernel integrates ASLR techniques ( link ), in an attempt to prevent these problems with the compiler.

Here is something practical about this type of exploration, if you are interested, read this post:

Security - Syscall inside shellcode does not execute

    
28.02.2016 / 00:28
4

What is Buffer Overflow?

Looks like Buffer Overflow in Portuguese means "Buffer Overflow" is when something goes beyond the limit, for example if you have an array that can only receive 10 values and you put in that array 11 values Ready This is buffer overflow because there was a memory overflow (exceeded the limit size).

What kind of danger would it pose to my software?

A very great danger, most exploits are made based on this buffer overflow failure, so the attacker identifies a buffer overflow failure in his software, he can inject several malicious code into his software and make havoc, your software in case it is a soft payment OR if your software is a soft remote (internet connection) imagine the damage the attacker managing to invade several people through the fault caused in his software.

Why does the gets () function is vulnerable to Buffer Overflow?

The simplest explanation for this question is this: This function does not limit the number of characters to be read from the standard input (stdin).

I hope I have helped.

    
28.02.2016 / 00:10
3

Because the buffer is the space each variable has in a program, that space is limited. For example each char is usually a byte.

Buffer overflow means writing beyond the variable space by changing subsequent memory locations. This has several problems: undefined behavior, crashes or even exploits. A hacker can control your program. One of the most notorious cases is in PSP games changing the name of savefiles to very large strings, in addition to what was allowed by the game, it caused crashes in which hackers took control and executed their code. I will not go deep because I am a newbie and I hope do not make mistakes.

The gets function is dangerous because the user chooses how many characters to enter. If the string only has 30 and the user inserts 31 there is buffer overflow because the string is being stored and will occupy another 1 byte adjacent that does not belong string.

Yes there is more. At the moment I only remember scanf, in normal situations the compiler warns why it is not necessary to know by heart.

    
28.02.2016 / 00:11