Question
Buffer Overflow Lab
Simple Buffer Overflows
As previously stated, strings are terminated arrays of characters. The size of the array is specified when the array is declared. When the string is assigned a value via an assignment or input statement, this machine does not check the length of the input against the size of the array. This allows the char buffer to overflow into subsequent memory locations. The exact impact of the overflow depends on what is contained in the memory locations immediately after the buffer. If they are other data locations, the overflow will affect their values. If they are instructions, it can change the instruction to something else, or possibly result in an illegal instruction.
Step through the program and enter different values for the various input statements to see how excessively long strings affect subsequent locations. Note that you enter data in the white text box at the "Input>" prompt. Be sure to press enter, or nothing will happen!
When you are comfortable with your answers to the prior questions, now try being deliberate, and purposely enter strings to create an overflowed value in myInt. You should probably Google "Ascii table" to get a chart of values that will help you construct your strings.
When you enter 456 for myInt, ABCDEF for Buff2, XYZ for Buff1. The output is:
XYZ
ABCDEF
456
*** END OF PROGRAM ***
When you enter 456 for myInt, ABCDEF for Buff2, XYZZY for Buff1. The output is:
XYZZY
Y
456
*** END OF PROGRAM ***
1. Explain what happened in the above output.
When you enter 456 for myInt, ABCDEFGHIJ for Buff2, XYZ for Buff1. The output is:
XYZ
ABCDEFGHIJ
18762
2. Explain what happened.
3. Enter 5555 for myInt, then enter strings into Buff2 and Buff1 so that myInt gets changed to 20565 (base 10). Explain what you did.
4. Enter 5555 for myInt, then enter strings into Buff2 and Buff1 so that myInt gets changed to 85 (base 10). Explain what you did.
/* Simple buffer overflow example: memory between variables in memory (Addr / Value table truncated in the source) */
Explanation / Answer
Buff1[4] is initialised first.
Let's say its address is 0x1000.
char is 1 byte long.
Therefore
Buff1[0] = 0x1000
Buff1[1] = 0x1001
Buff1[2] = 0x1002
Buff1[3] = 0x1003
Now Buff2[8] is initialized and gets the memory locations after Buff1[].
Buff2[0] = 0x1004
Buff2[1] = 0x1005 and so on
After that myInt gets memory.
1) myInt = 456, Buff2[] = "ABCDEF", Buff1[] = "XYZ"
In this case, there is no buffer overflow as the number of characters in all buffers and size of data in the integer variable are within limits.
So, output is
XYZ
ABCDEF
456
myInt = 456, Buff2[] = "ABCDEF", Buff1[] = "XYZZY"
In this case, the 'Y' overflows from Buff1[] and moves into the Buff2[] memory locations, changing its actual value, as mentioned in the information of the question.
So, when we print Buff1[], Buff2[] and myInt, we get
XYZZY -> prints the string as long as a null is not found, since strings are null terminated, even if the buffer has overflown
Y -> Overflow from Buff1[]
456
2) 456 for myInt, ABCDEFGHIJ for Buff2, XYZ for Buff1
In this case, the last two characters from Buff2[], I and J, overflow into the myInt memory.
I = 0x49 (ASCII, in hex)
J = 0x4A (ASCII, in hex)
So, myInt = 0x494A = 18762 in decimal.
Hence the output
3) 20565 = 0x5055
So, the input to Buff2[] should be such that 0x50 and 0x55 overflow into myInt
myInt = 5555
Buff1[] = XYZ
Buff2[] = ABCDEFGHPU
ASCII(P) = 0x50
ASCII(U) = 0x55
4) 85 = 0x55 = ASCII(U)
So, as explained earlier, Buff2[] = ABCDEFGHU, so U overflows into myInt.
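Added example, not part of the lab or of either post above: a small C program that models the lab's toy machine as the answer describes it (Buff1[4] first, Buff2[8] immediately after, then myInt) and replays the runs from the question, including the explanation for question 2 and the Buff2 string for question 3. Two details are assumptions, because the lab never states them: myInt is 2 bytes and is stored high byte first, which is what turns the overflowed "IJ" into 0x494A = 18762. The input order (myInt, then Buff2, then Buff1) follows the question. All names (lab_machine, input_string, lab_run, build_buff2) are hypothetical. The overflow is simulated inside a private byte array so that the program itself stays well defined on a real machine, where actual variable layout and byte order would differ.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Assumed layout of the lab's toy machine, taken from the answer above:
 * Buff1[4] at 0x1000, Buff2[8] immediately after it, then myInt.
 * ASSUMPTIONS the lab does not state: myInt is 2 bytes, high byte first. */
#define BUFF1_OFF 0
#define BUFF1_LEN 4
#define BUFF2_OFF (BUFF1_OFF + BUFF1_LEN)   /* 4  */
#define BUFF2_LEN 8
#define MYINT_OFF (BUFF2_OFF + BUFF2_LEN)   /* 12 */
#define MEM_LEN   (MYINT_OFF + 2 + 16)      /* two bytes of myInt, then slack */

struct lab_machine { uint8_t mem[MEM_LEN]; };

/* The lab's unchecked input statement: copy the string plus its NUL starting
 * at 'off', ignoring the declared array size. The only guard is the edge of
 * the simulated memory, so the host process itself is never corrupted. */
static void input_string(struct lab_machine *m, size_t off, const char *s)
{
    size_t n = strlen(s) + 1;               /* the NUL terminator travels too */
    if (off + n > MEM_LEN)
        n = MEM_LEN - off;
    memcpy(&m->mem[off], s, n);
}

static void input_int(struct lab_machine *m, uint16_t v)
{
    m->mem[MYINT_OFF]     = (uint8_t)(v >> 8);   /* high byte first (assumed) */
    m->mem[MYINT_OFF + 1] = (uint8_t)(v & 0xff);
}

static uint16_t read_int(const struct lab_machine *m)
{
    return (uint16_t)((m->mem[MYINT_OFF] << 8) | m->mem[MYINT_OFF + 1]);
}

/* The lab's print statement: walk from 'off' until a NUL, which may lie past
 * the declared array if an overflow pushed the terminator into a neighbour. */
static void read_string(const struct lab_machine *m, size_t off,
                        char *out, size_t outlen)
{
    size_t i = 0;
    while (off + i < MEM_LEN && m->mem[off + i] != 0 && i + 1 < outlen) {
        out[i] = (char)m->mem[off + i];
        i++;
    }
    out[i] = '\0';
}

/* One lab session in the order the lab reads input: myInt, Buff2, Buff1.
 * Returns the final myInt; the strings the lab would print go to b1 / b2. */
static uint16_t lab_run(uint16_t my_int, const char *buff2, const char *buff1,
                        char *b1, size_t n1, char *b2, size_t n2)
{
    struct lab_machine m;
    memset(m.mem, 0, sizeof m.mem);
    input_int(&m, my_int);
    input_string(&m, BUFF2_OFF, buff2);
    input_string(&m, BUFF1_OFF, buff1);
    read_string(&m, BUFF1_OFF, b1, n1);
    read_string(&m, BUFF2_OFF, b2, n2);
    return read_int(&m);
}

/* Question 3 in reverse: build the Buff2 input that leaves 'target' in myInt.
 * Eight filler characters fill Buff2 itself, then the two target bytes land in
 * myInt. Returns 0 when a byte is not printable ASCII that can be typed at the
 * Input> prompt (a 0x00 byte can only arrive as a string's terminator). */
static int build_buff2(uint16_t target, char *out, size_t outlen)
{
    char hi = (char)(target >> 8), lo = (char)(target & 0xff);
    if (outlen < BUFF2_LEN + 3)
        return 0;
    if (hi < 0x20 || hi > 0x7e || lo < 0x20 || lo > 0x7e)
        return 0;
    memcpy(out, "ABCDEFGH", BUFF2_LEN);     /* filler for Buff2's own 8 bytes */
    out[BUFF2_LEN] = hi;
    out[BUFF2_LEN + 1] = lo;
    out[BUFF2_LEN + 2] = '\0';
    return 1;
}

int main(void)
{
    char b1[32], b2[32], in2[16];
    uint16_t v;

    v = lab_run(456, "ABCDEF", "XYZZY", b1, sizeof b1, b2, sizeof b2);
    printf("%s\n%s\n%u\n\n", b1, b2, v);    /* XYZZY, Y, 456 */
    v = lab_run(456, "ABCDEFGHIJ", "XYZ", b1, sizeof b1, b2, sizeof b2);
    printf("%s\n%s\n%u\n\n", b1, b2, v);    /* XYZ, ABCDEFGHIJ, 18762 */
    if (build_buff2(20565, in2, sizeof in2)) {           /* "ABCDEFGHPU" */
        v = lab_run(5555, in2, "XYZ", b1, sizeof b1, b2, sizeof b2);
        printf("Buff2 = %s\n%s\n%s\n%u\n", in2, b1, b2, v); /* ..., 20565 */
    }
    return 0;
}
```

Two points worth noticing when reading the output: the "Y" printed for Buff2 in the XYZZY run comes from Buff1's fifth character and its terminator both landing inside Buff2, and a string entered later always overwrites what an earlier overflow left behind, which is why the input order matters. build_buff2 also tells you when a target cannot be reached with two typed characters at all, since only bytes in the printable ASCII range can be entered at the prompt.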