DEV Community

Hyunseung Ha
Hyunseung Ha

Posted on

[PWN.04] Stack Buffer Overflow

What is Stack Buffer Overflow?
it occurs when data exceeding the buffer size of the stack is entered.

Buffer : where data is stored in
Overflow : exceeding

If the Buffer is in Stack, It is called as Stack Buffer.
If the Buffer is in Heap, It is called as Heap Buffer.

int main(int argc, char *argv[]){
    int overflowed = 0;
    char input[16];

    scanf("%s", input);

    if(overflowed) {
        printf("OVERFLOWED!!");
    } else
        printf("%s", input);
    return 0;
}
Enter fullscreen mode Exit fullscreen mode

Stack Buffer layout is same with a following pic.

Image description

If we enter more than 15 digits of data into input, additional values ​​will be stored in overflowed.
so It will output OVERFLOWED!!.

How to mitigate it ?
We can think about it.
First, we should check the size of input data.
Second, We can use the Canary!
Third, Enable ASLR(Address Space Layout Randomization)

And There are more methods to mitigate.

Top comments (0)