What is Stack Buffer Overflow?
it occurs when data exceeding the buffer size of the stack is entered.
Buffer : where data is stored in
Overflow : exceeding
If the Buffer is in Stack, It is called as Stack Buffer.
If the Buffer is in Heap, It is called as Heap Buffer.
int main(int argc, char *argv[]){
int overflowed = 0;
char input[16];
scanf("%s", input);
if(overflowed) {
printf("OVERFLOWED!!");
} else
printf("%s", input);
return 0;
}
Stack Buffer layout is same with a following pic.
If we enter more than 15 digits of data into input, additional values ​​will be stored in overflowed.
so It will output OVERFLOWED!!.
How to mitigate it ?
We can think about it.
First, we should check the size of input data.
Second, We can use the Canary!
Third, Enable ASLR(Address Space Layout Randomization)
And There are more methods to mitigate.
Top comments (0)