Lecture – 12
Software Security: Buffer, Stack and Heap Overflows
Information Security (CSNC3413)
Course Instructor: Annas W. Malik
Background
• Many vulnerabilities in applications come not from their specifications and protocols but from their implementations, for example:
• Weak implementation of passwords
• Overflows (can be used to redirect the control flow of a program)
• Race conditions
• Bugs in permissions
Definition
Software security is the practice of protecting software against malicious attack and other hacker risks so that the software continues to function correctly under such risks. Security is necessary to provide confidentiality, integrity, authentication and availability.
Introduction – Overflow Vulnerabilities
• Buffer, stack, and heap overflows are common vulnerabilities in software applications that can be exploited by attackers to gain unauthorized access, execute malicious code, or cause system crashes.
Buffer Overflow
• Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another.
• A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer.
• As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.
• For example, a buffer for log-in credentials may be designed to expect username and password inputs of 8 bytes, so if a transaction involves an input of 10 bytes (that is, 2 bytes more than expected), the program may write the excess data past the buffer boundary.
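The credential example above, worked through in C as an added illustration (this code is not part of the lecture). The 8-byte field width comes from the slide; the record layout with a password field directly after the username, and the function and struct names, are assumptions made for the example. The unsafe copy is shown only for comparison; the safe version measures the input first and refuses anything that does not fit, which is the check a programmer needs to add.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Field width from the lecture's example: credentials expected to be 8 bytes.
 * The record layout (password directly after username) is an assumption
 * made for this example so that an overflow has a visible neighbour. */
#define CRED_LEN 8

struct login_record {
    char username[CRED_LEN];
    char password[CRED_LEN];
};

/* Unsafe pattern: strcpy copies until the terminating NUL and never consults
 * CRED_LEN, so a 10-byte input spills past the field into whatever is
 * adjacent (here, the password field).  Kept for comparison; never called. */
void store_username_unsafe(struct login_record *rec, const char *input)
{
    strcpy(rec->username, input);
}

/* How many bytes of a NUL-terminated input would land past the field.
 * A 10-byte input into an 8-byte field gives 2, as in the lecture. */
size_t excess_bytes(const char *input)
{
    size_t n = strlen(input);
    return n > CRED_LEN ? n - CRED_LEN : 0;
}

/* Safe version: measure first, refuse what does not fit, then copy with an
 * explicit length.  n must be < CRED_LEN to leave room for the NUL. */
bool store_username_safe(struct login_record *rec, const char *input)
{
    size_t n = strlen(input);
    if (n >= CRED_LEN)
        return false;           /* reject instead of truncating silently */
    memcpy(rec->username, input, n + 1);
    return true;
}

/* Helper for checking behaviour: true if the input was accepted and the
 * adjacent password field was left untouched. */
bool safe_store_keeps_neighbour(const char *input)
{
    struct login_record rec;
    memset(&rec, 0, sizeof rec);
    memcpy(rec.password, "secret", 7);       /* constructed neighbour value */
    bool ok = store_username_safe(&rec, input);
    return ok && strcmp(rec.password, "secret") == 0;
}
```

Note that an 8-character username is also rejected: a C string of 8 characters needs 9 bytes including its terminator, which is exactly the kind of off-by-one that bounded copies must account for.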
Buffer Overflow
• Buffer overflows can affect all types of software. They typically result from malformed inputs or failure to allocate enough space for the buffer.
• If the transaction overwrites executable code, it can cause the program to behave unpredictably and generate incorrect results, memory access errors, or crashes.
Buffer Overflow Attack
• Exploitation: Attackers can send input that exceeds the buffer's capacity and overwrite adjacent memory, potentially modifying variables, function pointers, or other critical data.
• This changes the execution path of the program, triggering a response that damages files or exposes private information.
• For example, an attacker may introduce extra code, sending new instructions to the application to gain access to IT systems.
Types of Buffer Overflow
• Stack overflows
• Heap overflows
Stack Overflow
• A stack overflow occurs when a program attempts to write data beyond the boundaries of a fixed-size stack buffer.
• The stack is a region of memory used to store local variables and function call information. When a function is called, its local variables and return address are pushed onto the stack.
• If the amount of data being written exceeds the allocated space, it overflows into adjacent memory, potentially overwriting critical information or execution flow.
Stack Overflow Attack
• Exploitation: Attackers can craft input that overflows the stack buffer and overwrite the return address. By replacing the return address with a malicious address, they can redirect the execution flow to their code.
• Impact: Stack overflows can lead to arbitrary code execution, privilege escalation, and denial of service (DoS) attacks.
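To make the stack layout described in the two sections above concrete, and to show the defence compilers add against it, here is an added C model (not code from the lecture). It simulates a frame as a struct holding a buffer, a guard value of the kind a stack protector (canary) places after local buffers, and the saved return address; the ordering, the constant names and the guard value are assumptions for the model, since real frame layouts depend on the compiler and ABI. The unchecked copy is performed through a byte view of the struct, so the program stays within one object and the effect on the guard and the saved return address can be observed and checked, rather than being undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simulated stack frame.  Real frame layouts depend on compiler and ABI;
 * this ordering (buffer, then guard value, then saved return address) is an
 * assumption chosen so that an overflow of buf runs into the guard first. */
#define BUF_LEN 8
#define CANARY  0xA5C3E17Bu   /* constructed guard value */

struct sim_frame {
    char     buf[BUF_LEN];
    uint32_t canary;      /* stack-protector style guard value */
    uint32_t saved_ret;   /* stands in for the saved return address */
};

void frame_init(struct sim_frame *f, uint32_t ret)
{
    memset(f->buf, 0, BUF_LEN);
    f->canary = CANARY;
    f->saved_ret = ret;
}

/* Copy n bytes starting at buf with no bound check.  Going through a byte
 * view of the whole struct keeps the model inside one object (defined
 * behaviour) while reproducing what an unbounded copy into buf does:
 * bytes 8..11 land on the canary, bytes 12..15 on the saved return address. */
void frame_copy_unchecked(struct sim_frame *f, const char *src, size_t n)
{
    unsigned char *raw = (unsigned char *)f;   /* buf is at offset 0 */
    if (n > sizeof *f)
        n = sizeof *f;                          /* clamp to the model */
    memcpy(raw, src, n);
}

/* The check a stack protector inserts in the function epilogue: the saved
 * return address may only be used if the guard value is still intact;
 * otherwise the program aborts instead of returning to a corrupted address. */
bool frame_canary_intact(const struct sim_frame *f)
{
    return f->canary == CANARY;
}

/* Perform an unchecked copy and report whether the canary survived. */
bool unchecked_copy_canary_ok(const char *src, size_t n)
{
    struct sim_frame f;
    frame_init(&f, 0x11111111u);              /* constructed return address */
    frame_copy_unchecked(&f, src, n);
    return frame_canary_intact(&f);
}

/* Perform an unchecked copy and return the saved return address afterwards. */
uint32_t unchecked_copy_saved_ret(const char *src, size_t n)
{
    struct sim_frame f;
    frame_init(&f, 0x11111111u);
    frame_copy_unchecked(&f, src, n);
    return f.saved_ret;
}
```

Three inputs tell the story: 7 bytes fit and leave the guard and return address alone; 12 bytes corrupt the guard, which is exactly the condition the epilogue check detects; 16 bytes also replace the saved return address, which a program without the check would blindly jump to. The check is why modern compilers enable stack protectors by default.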
Heap Overflow
• A heap overflow occurs when a program writes data beyond the boundaries of a dynamically allocated heap buffer.
• The heap is a region of memory used for dynamic memory allocation.
• If a program does not properly validate the size of data being written to a heap buffer, an overflow can occur.
Heap Overflow Attack
• Exploitation: Attackers can allocate or manipulate heap memory to cause a buffer overflow, overwriting critical data structures like function pointers or metadata.
• Impact: Heap overflows can lead to arbitrary code execution, corruption of heap structures, DoS attacks, or memory leaks.
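The heap sections above come down to one rule: every write into a heap buffer must be validated against the capacity that was actually allocated. The following added C example (not from the lecture; the struct and function names are assumptions) shows two places where that validation is commonly missed: an append that does not track capacity, and an allocation whose size is computed from an untrusted element count and can wrap around, producing an undersized chunk that later writes overflow.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Heap-backed byte buffer that carries its own capacity, so every write can
 * be checked against it before touching memory (constructed example). */
struct hbuf {
    unsigned char *data;
    size_t len;
    size_t cap;
};

bool hbuf_init(struct hbuf *b, size_t cap)
{
    b->data = malloc(cap);
    b->len = 0;
    b->cap = cap;
    return b->data != NULL;
}

void hbuf_free(struct hbuf *b)
{
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}

/* Append n bytes, refusing when the data would not fit.  The condition is
 * written as cap - len < n rather than len + n > cap so that len + n can
 * never wrap around size_t and slip past the check with a tiny value. */
bool hbuf_append(struct hbuf *b, const void *src, size_t n)
{
    if (b->cap - b->len < n)
        return false;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return true;
}

/* Allocation sized from an untrusted element count.  Without the guard, a
 * huge count makes count * elem_size wrap to a small number: malloc then
 * returns an undersized chunk and later element writes overflow the heap. */
void *alloc_elems(size_t count, size_t elem_size)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return NULL;
    return malloc(count * elem_size);
}

/* Helpers for checking behaviour: number of appends accepted into a buffer
 * of the given capacity, and whether a guarded allocation succeeded. */
int accepted_appends(size_t cap, const char *a, const char *b)
{
    struct hbuf buf;
    int accepted = 0;
    if (!hbuf_init(&buf, cap))
        return -1;
    accepted += hbuf_append(&buf, a, strlen(a)) ? 1 : 0;
    accepted += hbuf_append(&buf, b, strlen(b)) ? 1 : 0;
    hbuf_free(&buf);
    return accepted;
}

bool alloc_elems_ok(size_t count, size_t elem_size)
{
    void *p = alloc_elems(count, elem_size);
    free(p);
    return p != NULL;
}
```

With an 8-byte buffer, "hello" followed by "abc" fills it exactly and both appends succeed, while "hello" followed by "abcd" is refused on the second call instead of writing one byte into the neighbouring heap chunk. The multiplication guard rejects a count of SIZE_MAX / 2 + 1 elements of 4 bytes, a request that would otherwise wrap to zero bytes.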
Differences between Buffer, Stack, and Heap Overflow Attacks
• Memory Area:
  Buffer Overflow: Overflows can occur in various memory areas, including stack, heap, or data sections.
  Stack Overflow: Overflows occur in the stack memory region, used for local variables and function call information.
  Heap Overflow: Overflows occur in the heap memory region, used for dynamic memory allocation.
• Memory Allocation:
  Buffer Overflow: Buffers can be statically allocated or dynamically allocated on the stack or heap.
  Stack Overflow: The size of stack buffers is typically fixed and determined at compile time.
  Heap Overflow: Overflows occur in dynamically allocated heap buffers.
• Exploitation Target:
  Buffer Overflow: Attackers can modify adjacent memory, including function pointers, variables, or data structures (the more generic case).
  Stack Overflow: In the stack memory region, return addresses are commonly used to store the location to which a function should return after its execution is complete. When a function is called, the return address is typically pushed onto the stack, allowing the program to resume execution at the correct location once the function finishes. Stack-based buffer overflows can target these return addresses by overwriting them with malicious values, causing the program to redirect execution to unintended locations.
  Heap Overflow: In the heap memory region, return addresses are not typically stored as part of the heap data structures. Return addresses are primarily associated with the call stack, which manages function calls and their corresponding return addresses. Heap-based buffer overflows typically involve overwriting adjacent heap structures or manipulating heap metadata, such as size fields or function pointers.
How to Avoid Software Attacks
The only way to avoid such attacks is to practice good programming techniques.
System-level security can be provided using better firewalls.
Using intrusion detection and prevention can also aid in stopping attackers from gaining easy access to the system.
Writing safe program code
• Correct algorithm implementation
• Ensuring machine language corresponds to algorithm
• Correct interpretation of data values
• Correct use of memory
• Preventing race conditions