Off-by-one overflow explained

One of the most common vulnerabilities found in the wild is the buffer overflow. Whether it appears as a stack overflow or a heap overflow, it can allow not only reading but also overwriting memory addresses that should not be reachable from the program's normal execution flow. Through code review, or by reversing a binary or executable, it is possible to find this kind of vulnerability, which impacts the integrity, confidentiality and availability of the information when exploited by an attacker.

Off by one in x86

This vulnerability occurs when a buffer operation is executed once more than it should be. Let's look at the following vulnerable C code:

This program takes the string entered as an argument when the program is executed (i.e. ./program argument) and copies it to the buf variable, whose size is 128 bytes. Nevertheless, there is a terrible mistake in the for loop definition, but why? The buf array length is defined as 128, it is a char array,
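The defect described above, as an added C example rather than the post's own listing: the loop bound uses `<=` instead of `<`, so a 129-character argument makes the copy run one iteration too many and write to `buf[128]`. The exact loop shape, the 128-byte size and the simulated stack frame (a marker byte standing in for whatever the compiler placed right after `buf`) are assumptions for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 128
#define MARKER   0xAA  /* stands in for the saved byte that follows buf on the stack */

/* Simulated stack frame (assumption): the first 128 bytes are buf, and the
 * byte at index BUF_SIZE represents whatever lives right after it. Keeping
 * both inside one array keeps every access well-defined and portable. */
typedef struct {
    unsigned char bytes[BUF_SIZE + 1];
} frame_t;

/* Vulnerable copy: the bound check is <= instead of <, so the loop can run
 * once more than the buffer allows and write to index 128. */
void copy_off_by_one(frame_t *f, const char *arg) {
    size_t i;
    for (i = 0; i <= BUF_SIZE && arg[i] != '\0'; i++)  /* bug: <= */
        f->bytes[i] = (unsigned char)arg[i];
}

/* Hardened copy: stops one short of the size to leave room for the NUL
 * terminator and never touches index 128. */
void copy_bounded(frame_t *f, const char *arg) {
    size_t i;
    for (i = 0; i < BUF_SIZE - 1 && arg[i] != '\0'; i++)
        f->bytes[i] = (unsigned char)arg[i];
    f->bytes[i] = '\0';
}

/* Runs a copy routine on a constructed argument of arg_len 'A' characters
 * and returns 1 if the byte after buf was clobbered, 0 otherwise. */
int run_copy(void (*copy)(frame_t *, const char *), size_t arg_len) {
    frame_t f;
    char arg[BUF_SIZE + 64];              /* constructed input, not user data */
    memset(arg, 'A', sizeof arg);
    arg[arg_len] = '\0';
    memset(f.bytes, 0, sizeof f.bytes);
    f.bytes[BUF_SIZE] = MARKER;           /* plant the marker after buf */
    copy(&f, arg);
    return f.bytes[BUF_SIZE] != MARKER;
}

int main(void) {
    printf("vulnerable, 128-char argument: clobbered=%d\n", run_copy(copy_off_by_one, 128));
    printf("vulnerable, 129-char argument: clobbered=%d\n", run_copy(copy_off_by_one, 129));
    printf("hardened,   129-char argument: clobbered=%d\n", run_copy(copy_bounded, 129));
    return 0;
}
```

A 128-character argument fits, but the 129th character is exactly the "one more" write the post refers to, and the bounded version shows that the same input leaves the neighbouring byte intact.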