BUFFER OVERFLOWS Secure Programming and Scripting
BUFFER OVERFLOW ASSIGNMENT DANNY O’LEARY 20067817
Contents Introduction .......................................................................................................................................... 2 What is a Buffer Overflow..................................................................................................................... 2 The Security Risks of Buffer Overflows ................................................... Error! Bookmark not defined. Compiling and Running the example Programs .................................................................................... 4 How to fix the Programs ....................................................................................................................... 8
Introduction
The aim of this assignment is to gain an understanding of what a buffer overflow is and the security risks behind it, and to show some examples of how it can affect programs that were written without buffer overflows in mind. This report also includes instructions on how to compile and run three programs, each vulnerable to a different type of buffer overflow. The three types chosen are arithmetic overflow (Arithmetic.c), string overflow (StringOverflow.c) and integer overflow (IntOverflow.c).
I will also show how to prevent these overflows from happening by writing the same functionality differently, with buffer overflows in mind.
What is a Buffer Overflow?
A buffer overflow occurs when a program tries to put more data into a buffer than the buffer can hold. A buffer is a region of allocated memory used to store some form of information; in C that includes any variable you declare, such as an integer or an array of integers. In a buffer overflow attack, more data is sent to the buffer than it was sized for and the excess spills into the memory that follows it, which can have several effects. It can change the values of other variables in the program, which has serious consequences when one of those variables decides what a user is allowed to do, as in the login examples below. It can also cause code to execute that the program never intended, if the overwritten memory holds a return address or function pointer. Buffer overflow attacks are still common today, against legacy systems and new ones alike, because overflows can arise in so many different ways and the techniques for preventing them are error prone (Owasp.org, 2016).
Buffer overflows take many forms. Here are a few examples of the different types of buffer overflow attack:
1. Integer Overflow: caused when an integer is incremented past the maximum value its type can hold. In C, unsigned arithmetic wraps around to zero; signed overflow is undefined behaviour, and in practice the value usually wraps to a large negative number or some other incorrect value.
(Figure: an example of an integer overflow. The last number entered into the array causes the overflow, which in turn changes the value of every other element in the array.) Note that writing past the end of an array, as in this figure, is strictly an array-bounds overflow rather than arithmetic overflow; it corrupts neighbouring memory in the same way the programs below do.
2. String Overflow: works much like the integer overflow. It is caused when more characters are entered than the buffer was sized for; the extra characters land in whatever the compiler placed after the buffer, so strange values appear in other variables.
3. Arithmetic Overflow: similar to the integer overflow, but here two numbers are multiplied together and the product is bigger than the type can hold. The wrapped result can be any incorrect value, including a negative one.
(Figure: two numbers multiplied produced the "negative number" message, which should only be reachable when the answer is actually negative.)
4. String Format Overflow (a format string vulnerability): caused by a lack of formatting on printf(), i.e. the programmer wrote printf(variable) instead of printf("%s", variable). Whoever supplies the variable can then put their own conversion specifiers into the input: %x and %p read values off the stack, leaking data and addresses and revealing where things are on the stack, and %n writes to memory.
(Figure: the format string program being used to try to locate information; in this example nothing useful was recovered.)
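The format string case in point 4, as an added example written for this edit rather than taken from the assignment's programs (the author's format string program is not reproduced on this page). log_line() is a hypothetical logging wrapper of the kind many programs have: calling it with user input as the format argument is the printf(variable) mistake, and passing "%s" with the input as a separate argument is the fix. scan_format() walks a string the way printf would, counting the conversions it would attempt and flagging %n, which is what turns a stack leak into a memory write; the sample input is constructed for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging wrapper.  Fine when called as log_line("%s", user);
 * the bug is calling log_line(user), which makes the user's bytes the
 * format string that vprintf() interprets. */
static void log_line(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vprintf(fmt, ap);
    va_end(ap);
    putchar('\n');
}

/* The fixed pattern, rendered into a buffer so the result can be checked:
 * with a literal "%s" format, whatever the user typed comes back byte for
 * byte and any % sequences in it are plain text. */
static const char *render_safe(const char *user)
{
    static char out[256];
    snprintf(out, sizeof out, "%s", user);
    return out;
}

struct fmt_scan {
    int directives;     /* conversions printf would try to satisfy */
    int writes;         /* how many of them are %n (writes to memory) */
};

/* Count the conversion directives in a string the way printf would read
 * them.  "%%" is a literal percent sign, not a directive.  Useful in a
 * test harness or input filter to see what an attacker-supplied string
 * would have asked printf to do had it reached the unsafe call. */
static struct fmt_scan scan_format(const char *s)
{
    struct fmt_scan r = {0, 0};
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {          /* "%%": skip both characters */
            p++;
            continue;
        }
        r.directives++;
        /* skip flags, width, precision and length modifiers */
        const char *q = p + 1;
        while (*q != '\0' && strchr("-+ #0123456789.*hlLjzt", *q) != NULL)
            q++;
        if (*q == '\0')
            break;                  /* directive cut off at end of string */
        if (*q == 'n')
            r.writes++;
        p = q;
    }
    return r;
}

int main(void)
{
    /* Constructed sample input: what an attacker might type at the prompt. */
    const char *typed = "%08x %08x %08x %n";
    struct fmt_scan s = scan_format(typed);

    printf("input asks for %d conversions, %d of them %%n writes\n",
           s.directives, s.writes);

    /* The bug would be:   log_line(typed);
     * With the input above that reads three stack words and then writes
     * through a pointer pulled from the stack.  The fix: */
    log_line("%s", render_safe(typed));
    return 0;
}
```

Compile with -Wformat-security and gcc will warn on printf(user) style calls, but it cannot see through a wrapper like log_line() unless the wrapper carries the format attribute, which is why reviewing every variadic wrapper's call sites matters.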
Note: These were all programs developed by me. I didn't include the format string one as an example because it was hard to get it to return anything useful, such as a password or a function. I will include the format string program in the zip file also.
Compiling and Running the Example Programs
Arithmetic.c
The code for this program:
This program multiplies two numbers entered by the user and stores the result in the variable answer. The problem is that there is no check on the size of the integers being entered, so it could also be vulnerable to an integer overflow on input; for this example, though, it is used to demonstrate how an arithmetic overflow can happen.
Running through the program normally:
1. To get this running, I first used gedit and entered the above.
2. I then used the compiler "gcc" to compile the program:
3. Then I use the ./arithmetic command to run the program:
4. I then enter two numbers into the program, in this case 50 * 10, and it gives back the output 500.
Overflow:
When two big numbers were entered it returned "negative number", even though it should only ever do that if the answer is less than 1.
StringOverflow.c
The code for this program:
In this program there are two variables: one that stores the input, and one that the buffer overflow is going to target and change. The user is prompted for a password and the input is stored in "input" by gets(). gets() reads until a newline with no bound on the length, so any input longer than the buffer overwrites whatever the compiler placed after it; it was removed from the C standard in C11 and should not be used at all. The program then checks whether the input equals the fixed password "admin"; if it matches it sets test to 1, making it non-zero and logging in as Admin. If it doesn't equal "admin", the user is logged in as User.
Running through the program normally:
1. I used "gedit stringoverflow.c" to enter the above program.
2. The next thing I did was compile the program using gcc:
3. I then used the “./stringoverflow” command to run the program.
4. Then I can enter either a value for a user or the value for an admin:
Overflow:
When the password entered was longer than 15 characters, it granted Admin access because the extra characters changed the variable to non-zero.
IntOverflow.c
The code for this program:
In this program there are two variables: "value", which holds the user's input, and the non-zero variable that may change when the buffer is overflowed. The program asks the user to input a value and stores it with gets(), which should not be used, and then displays it with printf() without a format string, which means it is also vulnerable to a format string attack. It then checks and displays whether the value of nonzero has changed. What corrupts nonzero here is input overrunning the value buffer, the same kind of overflow as in StringOverflow.c, rather than integer arithmetic wrapping around.
Running through the program normally:
1. Used "gedit intoverflow.c" to create the program with the above code.
2. Compiled it using gcc:
3. Ran using the “./intoverflow” command:
4. I would then enter a value that I'd like to display:
Overflow:
When a number bigger than the buffer is entered, you can see from the picture above that the non-zero value changes.
How to Fix the Programs
In this section I will show how to fix the programs given as examples. These solutions only fix the problem each program was written to show, e.g. the integer overflow program is fixed to handle its overflow and nothing else. The working solutions are also included in the zip file.
Arithmetic.c
To fix the arithmetic file, I decided to fix it for the multiplication. To do this I realised that a way to check whether the value was correct was to see if the answer divided by one of the numbers used equalled the other one; if it did, the value was correct, and if it didn't it was probably an overflow.
(Diagram: ANSWER divided by NUMBER 1 is compared with NUMBER 2, shown with the values 50, 10, 5 and 2.)
The fixed code:
Example running:
(Screenshot: the ANSWER / NUMBER 1 = NUMBER 2 check, shown as "5 5=2", reported as not correct, could be overflow.)
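The division check above, beside the checks a practitioner would use instead, as an added example for the arithmetic and integer overflow points in this report (my code, not the assignment's Arithmetic.c, whose listing is not reproduced here; the struct and function names are mine). The division test is kept to show the pattern, but it performs the overflowing multiplication first: signed overflow is undefined behaviour in C, so an optimising compiler is entitled to assume a * b did not overflow and fold the comparison away. mul_checked() decides before multiplying using divisions that cannot overflow, mul_builtin() uses the gcc/clang overflow builtin, and parse_int() rejects typed input that does not fit an int, which covers the unchecked input size noted in the description of Arithmetic.c.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

struct mul_result {
    int overflow;   /* 1 when a * b does not fit in an int */
    int value;      /* the product when overflow == 0, else 0 */
};

/* The check described in the report: multiply, then test whether
 * answer / a gives b back.  On two's-complement hardware at -O0 this
 * usually spots the wrap-around, but signed overflow is undefined
 * behaviour in C, so an optimising compiler may assume a * b did not
 * overflow and remove the comparison.  Shown for comparison only. */
static struct mul_result mul_by_division(int a, int b)
{
    struct mul_result r = {0, 0};
    int answer = a * b;                 /* undefined if it overflows */
    if (a != 0 && answer / a != b)
        r.overflow = 1;
    else
        r.value = answer;
    return r;
}

/* Portable fix: decide before multiplying.  Every division here is a
 * limit divided by a non-zero operand, so none of them can overflow,
 * and each sign combination gets its own bound (INT_MIN * -1 included). */
static struct mul_result mul_checked(int a, int b)
{
    struct mul_result r = {0, 0};
    if (a == 0 || b == 0)
        return r;                       /* product is 0, always fits */
    if (a > 0) {
        if (b > 0) r.overflow = a > INT_MAX / b;    /* positive * positive */
        else       r.overflow = b < INT_MIN / a;    /* positive * negative */
    } else {
        if (b > 0) r.overflow = a < INT_MIN / b;    /* negative * positive */
        else       r.overflow = b < INT_MAX / a;    /* negative * negative */
    }
    if (!r.overflow)
        r.value = a * b;
    return r;
}

/* Compiler-assisted fix: gcc and clang compute the full-width product
 * and report whether storing it in an int truncated it. */
static struct mul_result mul_builtin(int a, int b)
{
    struct mul_result r = {0, 0};
#if defined(__GNUC__) || defined(__clang__)
    if (__builtin_mul_overflow(a, b, &r.value)) {
        r.overflow = 1;
        r.value = 0;
    }
#else
    r = mul_checked(a, b);
#endif
    return r;
}

struct parsed_int {
    int ok;         /* 1 if the whole line was a number that fits in an int */
    int value;
};

/* The report notes that Arithmetic.c never checks the size of what is
 * typed.  strtol() plus a range check rejects "2147483648", "12abc" and
 * empty input instead of letting scanf("%d") hand back an unspecified value. */
static struct parsed_int parse_int(const char *s)
{
    struct parsed_int r = {0, 0};
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || (*end != '\0' && *end != '\n'))
        return r;                       /* no digits, or trailing junk */
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return r;                       /* does not fit in an int */
    r.ok = 1;
    r.value = (int)v;
    return r;
}

int main(void)
{
    char line[64];
    struct parsed_int a, b;
    struct mul_result m;

    printf("Enter number 1: ");
    if (!fgets(line, sizeof line, stdin)) return 1;
    a = parse_int(line);
    printf("Enter number 2: ");
    if (!fgets(line, sizeof line, stdin)) return 1;
    b = parse_int(line);
    if (!a.ok || !b.ok) { puts("input is not a valid int"); return 1; }

    m = mul_builtin(a.value, b.value);
    if (m.overflow)
        puts("overflow: the product does not fit in an int");
    else
        printf("%d\n", m.value);
    return 0;
}
```

Building the original division check with -O2 and -fsanitize=undefined is a quick way to see the problem for yourself: the sanitizer reports the signed overflow the moment it happens, before the comparison gets a chance to run.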
StringOverflow.c
To fix this overflow I changed the gets to scanf, which is still not extremely safe but works in this case. The next thing I did was get rid of the variable nonzero because it wasn't needed, and then got rid of the corresponding if statements that went along with it.
New Working Code:
Example Running:
IntegerOverflow.c
To stop the integer overflow in this program, I changed the gets method to scanf and also included formatting on the printf statement.
New Working Code:
Example running:
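How the string and integer overflow programs get their flag flipped, and the bounded replacement for gets() / scanf("%s"), as an added example covering both the program descriptions and the two fixes above (my code, not the assignment's StringOverflow.c or IntOverflow.c; the struct login_frame layout is an assumption that stands in for wherever the compiler actually placed the two variables). One caveat on the fixes as described: scanf("%s") with no field width is just as unbounded as gets(), so if scanf is used the width must be given, e.g. "%15s" for a 16-byte buffer; fgets() with the buffer size, as in read_line() here, is the usual replacement.

```c
#include <stdio.h>
#include <string.h>

/* Model of the frame in stringoverflow.c / intoverflow.c: a 16-byte
 * input buffer with the flag the program later tests placed directly
 * after it.  Assumed layout; in the real programs the compiler decides
 * where the variables land, which is why the report saw the flip at
 * just over 15 characters. */
struct login_frame {
    char input[16];
    int  flag;          /* "test" / "nonzero" in the report's programs */
};

/* What gets() does: copy until the NUL without looking at sizeof input.
 * The copy goes byte by byte through a pointer to the whole frame so
 * that running into flag is well defined in this model (in the real
 * program the same overrun is undefined behaviour).  Returns the flag
 * value the program would then test: non-zero means "Admin". */
static int login_like_gets(const char *typed)
{
    struct login_frame f;
    unsigned char *raw = (unsigned char *)&f;
    size_t i;

    memset(&f, 0, sizeof f);
    for (i = 0; i < sizeof f && typed[i] != '\0'; i++) /* cap only keeps the model in bounds */
        raw[i] = (unsigned char)typed[i];
    if (strncmp(f.input, "admin", sizeof f.input) == 0)
        f.flag = 1;
    return f.flag;
}

/* The fix: check the length against the buffer before copying, and
 * reject over-long input rather than silently truncating it.  Returns
 * the flag (1 admin, 0 user) or -1 for input that does not fit. */
static int login_bounded(const char *typed)
{
    struct login_frame f;
    size_t len = strlen(typed);

    memset(&f, 0, sizeof f);
    if (len >= sizeof f.input)          /* one byte is needed for the NUL */
        return -1;
    memcpy(f.input, typed, len + 1);
    if (strcmp(f.input, "admin") == 0)
        f.flag = 1;
    return f.flag;
}

/* Reading the line from a stream with the same discipline.  fgets()
 * stops after n-1 bytes, so an over-long line shows up as a missing
 * newline; the rest of it is drained so it cannot be mistaken for the
 * next prompt's answer.  Returns 0 on success, -1 at EOF, -2 if the
 * line was too long. */
static int read_line(char *buf, size_t n, FILE *in)
{
    size_t len;
    int c;

    if (fgets(buf, (int)n, in) == NULL)
        return -1;
    len = strcspn(buf, "\n");
    if (buf[len] == '\n') {
        buf[len] = '\0';
        return 0;
    }
    if (len + 1 < n)
        return 0;                       /* final line without a newline, fits */
    while ((c = getc(in)) != EOF && c != '\n')
        ;                               /* discard the overflow */
    return -2;
}

int main(void)
{
    char input[16];
    int rc, flag;

    printf("Enter password: ");
    rc = read_line(input, sizeof input, stdin);
    if (rc == -2) {
        puts("input too long (max 15 characters)");
        return 1;
    }
    if (rc == -1)
        return 1;
    flag = login_bounded(input);
    puts(flag == 1 ? "Logged in as Admin" : "Logged in as User");
    return 0;
}
```

The model makes the 16-character boundary deterministic; on a real build the distance between the buffer and the flag depends on the compiler and on whether the stack protector reordered the locals, so the exact count at which admin access appears will vary, but the mechanism is the one shown.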
References
Owasp.org (2016). Buffer Overflow - OWASP. [online] Available at: https://www.owasp.org/index.php/Buffer_Overflow [Accessed 21 Feb. 2016].