0

I'm looking at this code example for class and I am new with buffer overflows. How can this exmple be modified to avoid buffer overflow attacks? Also, If anyone knows of a good article on buffer overflows, please post it. Thanks! 

void GetProfileFor( const char *name,
              char *profile,
              int profileLen );

int main() {
              char *profile = malloc( 1024 );
              char name[128];

              printf( “Enter your name: ” );
              gets( name );

              GetProfileFor( name, profile, 1024 );
              printf( “\nYour profile: %s\n”, profile );
return 0; }
Improve this question

3 Answers 3

Reset to default
2

To identify where buffer overflow will occur you will have to identify all the input path and the buffer it filled up - is the internal buffer sufficient to cater for all poissible input? Or is there any limits imposed on the amount of inputs allowed?

In your case the gets(name) has a limit in internal buffer, but gets() itself has no limits in the input it can take:

http://www.tutorialspoint.com/c_standard_library/c_function_gets.htm

therefore buffer overflow is possible.

The specific solution to prevent this attack is to use fgets():

http://www.tutorialspoint.com/c_standard_library/c_function_fgets.htm

which does have a limit placed on the external inputs allowed.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Looking at just the code you posted, I found one line of code that you can change.

Replace 

gets(name);

with

fgets(name, 128, stdin);

gets does not check the size of name to decide when to stop reading. It will try to read more characters than name has space for. fgets, on the other hand, will stop reading when it encounters a newline or it has read 127 characters, whichever is first.

Checkout Why gets() is bad / Buffer Overflows for more details.

Improve this answer

1 Comment

Some robustness can be added, fgets(name, sizeof name, stdin). Then a buffer overflow can't be caused by later deciding to make the buffer smaller.
1

The most new compilers are adding stack protectors eg. canaries to the binary. You can still overflow the buffer, but you cant jump to the stack and execute shellcode and etc. You could brute force the canary, but it would probably take a long time. Also when you look at the man page of gets, in the bug section it says never use fgets

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.