November 22nd, 2003, 10:57 PM
Buffer Overflows Made Simple
In response to a recent request for an explanation of buffer overflows, I have written a very basic description of how they work. For a more detailed description, read this tutorial.
The Basics of a Buffer Overflow Exploit
Program A must call program B to perform a specific task. But before program A does this, it must remember exactly where it left itself in its execution cycle so that when program B terminates it can resume where it left off. So it places a pointer onto the stack telling it where in memory the next instruction is supposed to be.
Now program B runs, with program A's instruction pointer sitting at the top of the stack. At some point, program B asks for input from another process. As the input is being sent to program B, it is placed on the stack before it is read. But then program B's input buffer overflows and it can no longer accept any input, so it basically crashes, or the OS terminates it. However, there is still some unread and uncleaned code sitting on the stack where it was taking its input from. This is exactly where program A expects its instruction pointer to be sitting.
So when program A resumes execution, it looks to the stack, where it thinks its next instruction is sitting. However, program B left some code there, so that gets executed instead.
The key to exploiting these weaknesses is knowing where and when the buffer will overflow and understanding what will be done with the code you place on the overflowed buffer.
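To make the "input overflows the buffer" step concrete, here is a small C example added for this write-up (not code from the original post): a routine that copies input into a fixed-size stack buffer with no length check, next to the same routine with an explicit bound that rejects oversized input. The buffer size, function names and sample inputs are all constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define BUF_SIZE 16  /* constructed: small stack buffer for the demo */

/* Vulnerable: copies input into a fixed-size stack buffer with no bound.
 * Anything longer than BUF_SIZE - 1 bytes runs past the buffer into whatever
 * the compiler placed above it in the frame, including the saved return
 * address the post describes. Shown for contrast only; never feed it
 * untrusted input. */
static int greet_unsafe(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);                      /* the overflow happens here */
    return (int)strlen(buf);
}

/* Hardened: same operation with an explicit length check. Input that does
 * not fit is rejected up front (returns -1) instead of being silently
 * truncated, so the caller can log and drop it. */
static int greet_safe(const char *input)
{
    char buf[BUF_SIZE];
    size_t len = strnlen(input, BUF_SIZE);   /* never scans past BUF_SIZE */
    if (len >= BUF_SIZE) {
        return -1;                           /* no room for the NUL terminator */
    }
    memcpy(buf, input, len + 1);
    return (int)len;
}

/* Reviewer helper: would this input overflow the buffer in greet_unsafe()? */
static bool would_overflow(const char *input)
{
    return strnlen(input, BUF_SIZE) >= BUF_SIZE;
}

int main(void)
{
    const char *short_input = "hello";                       /* constructed */
    const char *long_input  = "AAAAAAAAAAAAAAAAAAAAAAAA";    /* constructed, 24 bytes */
    printf("safe(short)   = %d\n", greet_safe(short_input));
    printf("safe(long)    = %d\n", greet_safe(long_input));
    printf("unsafe(short) = %d\n", greet_unsafe(short_input));
    printf("long overflows: %s\n", would_overflow(long_input) ? "yes" : "no");
    return 0;
}
```

The length check in greet_safe is the whole fix: the bounded version never writes past buf, so the saved return address above it can never be replaced by input.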
***thread moved by request***