Buffer Overflow Protection
Software Development
|
|
CODE:
|
Copy / Restore :: Remove Scroll Bars
|
#include <stdio.h> #include <string.h> int main(int argc,char **argv){ char file_name[100]; if(!argv[1]) { printf("File Name: "); gets(file_name); }else strcpy(file_name,argv[1]); printf("\nFile Name: %s\n",file_name); return 0; }
Select what you want to copy and in doing so you will keep the formatting when pasting it.
|
|
The above code is vunerable to Buffer Overflow in two locations
Unfortunatly you see it now in lots of code.
The program gets a file name and prints it to the screen. If the file name is given in the first arguement it copys that into the buffer and prints the buffer, if not it asks the user for it.
|
CODE:
|
Copy / Restore :: Remove Scroll Bars
|
Select what you want to copy and in doing so you will keep the formatting when pasting it.
|
|
Is the first vunerability.
This does not take into account size of the buffer and which just write everything it gets into there. So if the user types in more than 100 charachters the buffer will overflow and the program may crash.
|
CODE:
|
Copy / Restore :: Remove Scroll Bars
|
}else strcpy(file_name,argv[1]);
Select what you want to copy and in doing so you will keep the formatting when pasting it.
|
|
strcpy also does not take into account the size of a buffer.
The Following code is not vunerable to buffer overflow:
|
CODE:
|
Copy / Restore :: Remove Scroll Bars
|
#include <stdio.h> #include <string.h> int main(int argc,char **argv){ char file_name[100]; if(!argv[1]) { printf("File Name: "); fgets(file_name,sizeof(file_name)-1,stdin); if(*file_name) file_name[strlen(file_name)-1]=0; else{ puts("No text entered"); return 0; } }else strncpy(file_name,argv[1],sizeof(file_name)-1); printf("\nFile Name: %s\n",file_name); return 0; }
Select what you want to copy and in doing so you will keep the formatting when pasting it.
|
|
My Tips for avoiding buffer overflows.
-Protect access to variables. Free access is asking for exploits
-If you can't protect access, (servers & clients etc...) monitior what goes n and out
-Modify the size of your buffers depending on what your going to put in them, set sized buffers are asking for problems.
-Make sure you know the functions your using and what they do to buffers and exactly what each arguement it for, some functions will go one over the paramater for maximum bytes to write to a buffer so that they can null terminate it.
Notice how i used "sizeof(buffer)-1" instead of "sizeof(buffer)"
In general I would always give functions a byte in leway each time
Also use your common sense.
EDIT.
Sorry for indentation, codeboxes screwed up
Please login to rate coding articles.
Click here to register a free account with us.
|
|
Comments
|
| Please login to post comments. |
|
|
Well done, this articles explains and shows clearly what are buffer overflows, and
you even show how to protect them, that's the kind of articles we need!
|
|
|
Nice article! Clearly explains and shows what buffer overflows are ;-)
I think you could improve the article though by adding an example of an exploit of
a buffer overflow. Just a suggestion.
Overall though i like it ;-)
Kind regards,
Scott
|
|
|
 |
Categories |
 |
|
|
