Buffer overflows that occur in the heap data area
- typical heap management functions: malloc()/free()
Higher Address: Stack
Lower Address: Heap
char* p = malloc(256); memset(p, 'A', 1024); /* writes 768 bytes past the end of the 256-byte chunk, into whatever is allocated next to it */
Overwrite a function pointer stored in the adjacent heap chunk; when the program later calls through that pointer, execution goes to the attacker-chosen address
[Figure: heap layout before the overflow and after the overflow]
Programming language choice is crucial
 the language…
  should be strongly typed
  should do automatic bounds checks
  should do automatic memory management
Examples of safe languages: Java, Python (C++ is not one: raw arrays and pointers get no bounds checks and memory is managed manually)
Defense Against Buffer Overflow Attacks
 why are some languages safe?
   an out-of-bounds access raises a runtime exception instead of silently writing memory, so a classic buffer overflow cannot happen in code written in the language itself (native code called from it, e.g. via JNI or ctypes, and bugs in the runtime are not covered)
 the drawback of safe languages
   possible performance degradation
Using unsafe languages:
 check input (All input is EVIL): validate length before copying, reject or truncate what does not fit
 use safer functions that do bounds checking, i.e. take an explicit destination length (snprintf, memcpy with a checked length) instead of strcpy/strcat/gets
 use automatic tools to analyze code for potentially unsafe functions
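The following is an added example, not code from the slides, that ties the heap-overflow slide above to the "use safer functions that do bounds checking" point. It places a 256-byte buffer directly in front of a struct holding a function pointer and copies constructed attacker input into the buffer, once with a length-trusting memcpy and once with a copy routine that checks the destination size. The function, struct and arena names are invented for the demo; the two objects are carved out of one malloc'd arena only to make the adjacency deterministic, because a real allocator may or may not place them side by side.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not from the slides). A data buffer is followed in memory
 * by a struct whose first field is a function pointer. Both are carved out
 * of one malloc'd arena so the layout is fixed for the demonstration. */

typedef void (*handler_fn)(const char *);

struct handler {
    handler_fn fn;      /* the target of the overwrite */
    char name[16];
};

static void log_handler(const char *msg) { printf("[handler] %s\n", msg); }

#define BUF_LEN 256u

/* Vulnerable pattern: trusts the source length and ignores the destination size. */
static int unsafe_copy(char *dst, size_t dst_len, const char *src, size_t src_len)
{
    (void)dst_len;
    memcpy(dst, src, src_len);
    return 0;
}

/* Hardened pattern: "all input is evil", so oversized input is rejected
 * before a single byte is written. Truncating to dst_len is the other option. */
static int checked_copy(char *dst, size_t dst_len, const char *src, size_t src_len)
{
    if (src_len > dst_len)
        return -1;                    /* refuse, caller must handle the error */
    memcpy(dst, src, src_len);
    return 0;
}

/* Builds the layout [buf: BUF_LEN bytes][struct handler], copies input_len
 * bytes of constructed 'A' input into buf with the given routine, and returns
 * 1 if the function pointer was overwritten, 0 if it is intact, -1 on error.
 * input_len is capped at the arena size so the demo never writes outside
 * memory it owns; a real attacker is not so polite. */
static int run_layout(size_t input_len,
                      int (*copy)(char *, size_t, const char *, size_t))
{
    size_t arena_len = BUF_LEN + sizeof(struct handler);
    if (input_len > arena_len) return -1;

    unsigned char *arena = malloc(arena_len);
    if (!arena) return -1;
    char *buf = (char *)arena;                                 /* chunk 1 */
    struct handler *h = (struct handler *)(arena + BUF_LEN);   /* chunk 2, adjacent */
    handler_fn original = log_handler;
    h->fn = original;
    memcpy(h->name, "log", 4);

    char *input = malloc(input_len);                           /* constructed attacker input */
    if (!input) { free(arena); return -1; }
    memset(input, 'A', input_len);

    copy(buf, BUF_LEN, input, input_len);

    /* compare raw bytes: after an overflow h->fn holds 0x41414141... */
    int corrupted = memcmp(&h->fn, &original, sizeof original) != 0;
    free(input);
    free(arena);
    return corrupted;
}

int heap_overflow_corrupts_fn(size_t input_len) { return run_layout(input_len, unsafe_copy); }
int checked_copy_corrupts_fn(size_t input_len)  { return run_layout(input_len, checked_copy); }

int main(void)
{
    printf("unsafe copy, 264 bytes into a 256-byte buffer: fn pointer %s\n",
           heap_overflow_corrupts_fn(264) ? "OVERWRITTEN" : "intact");
    printf("checked copy, same input:                      fn pointer %s\n",
           checked_copy_corrupts_fn(264) ? "OVERWRITTEN" : "intact");
    return 0;
}
```

Eight bytes past the end of buf is enough to replace the whole pointer with 0x4141414141414141; the demo deliberately never calls through the corrupted pointer, since that is the step that hands control to the attacker. The only difference between the two copy routines is the comparison against dst_len, which is exactly what the "safer functions" on the slide add over strcpy and friends.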
Defense Against Buffer Overflow Attacks
 Analysis tools…
  can flag potentially unsafe functions/constructs (strcpy, gets, unchecked array indexing)
  can catch many security lapses, but they have false negatives, so they cannot eliminate all buffer overflows