Modern compilers and operating systems have implemented various
defenses to protect software against programming errors that lead to buffer
overflows. These defenses mean that real-world overflows today are in general
more difficult to exploit than the examples described here. For further
information about these defenses and ways to circumvent them, see The
Shellcoder’s Handbook.
“Off-by-One” Vulnerabilities
A specific kind of overflow vulnerability arises where a programming error
enables an attacker to write a single byte (or a small number of bytes) beyond
the end of an allocated buffer.
Consider the following code, which allocates a buffer on the stack, performs
a counted buffer copy operation, and then null-terminates the destination
string:
bool CheckLogin(char* username, char* password)
{
    char _username[32];
    int i;
    for (i = 0; username[i] && i < 32; i++)
        _username[i] = username[i];
    _username[i] = 0;
    ...
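The effect of that loop bound can be observed safely, shown here as an added example that is not code from the book: with a username of 32 or more bytes the loop exits with i equal to 32, so the terminator is written one byte past the 32-byte buffer, while a bound of 31 keeps it inside. The names copy_off_by_one, copy_bounded and neighbour_survives, the 0xAA marker and the 33-byte array standing in for the buffer plus the byte that follows it are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 32   /* same size as _username in the page's example */

/* Same bound as the page's loop: up to BUF_LEN bytes are copied, then the
   terminator goes to index i, which is BUF_LEN for a long enough input. */
static int copy_off_by_one(unsigned char *dst, const char *src)
{
    int i;
    for (i = 0; i < BUF_LEN && src[i]; i++)
        dst[i] = (unsigned char)src[i];
    dst[i] = 0;
    return i;                      /* index the terminator was written to */
}

/* Corrected bound: the last slot is reserved for the terminator. */
static int copy_bounded(unsigned char *dst, const char *src)
{
    int i;
    for (i = 0; i < BUF_LEN - 1 && src[i]; i++)
        dst[i] = (unsigned char)src[i];
    dst[i] = 0;
    return i;
}

/* Constructed frame: BUF_LEN buffer bytes plus one neighbouring byte in one
   array, so the stray write is observable. Returns 1 if the neighbour survives. */
static int neighbour_survives(int (*copy)(unsigned char *, const char *),
                              size_t name_len)
{
    unsigned char frame[BUF_LEN + 1];
    char name[128];
    if (name_len >= sizeof name)
        name_len = sizeof name - 1;
    memset(name, 'A', name_len);   /* constructed input of name_len bytes */
    name[name_len] = '\0';
    memset(frame, 0xAA, sizeof frame);
    copy(frame, name);
    return frame[BUF_LEN] == 0xAA;
}

int main(void)
{
    printf("31 bytes, page's bound:    %d\n", neighbour_survives(copy_off_by_one, 31));
    printf("32 bytes, page's bound:    %d\n", neighbour_survives(copy_off_by_one, 32));
    printf("32 bytes, corrected bound: %d\n", neighbour_survives(copy_bounded, 32));
    return 0;
}
```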