Buffer Overflow Intro. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle.
http://sfsecurity.pr.erau.edu
How could a computer (or programmer) be so dumb?
•The computer (or programmer) should check the size of the buffer first before trying to put all of the data into it.
•Popular languages like C/C++ don’t automatically check the bounds of the buffer.
•Programmers who use C/C++ are responsible for performing this check. Often they don’t.
•Programming shops often don’t use checklists to spot this type of error, and often testers don’t think of trying to make buffer overflows show up.
Answer: Modern software practice is sloppy, and buffer overflows get through (see the life cycle).
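The bullets above describe the missing check in the abstract. The following C program is an added example (not from the slides or their authors) that puts the unchecked pattern and the checked one side by side: `copy_unchecked` is the `strcpy`-style copy that never looks at the destination size, and `copy_checked` performs the size comparison the slide asks for before any byte is written. The buffer size `BUF_SIZE` and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* constructed buffer size for the example */

/* The pattern the slide criticises: the size of dst is never consulted.
   strcpy copies until it finds the NUL terminator in src, so input of
   BUF_SIZE or more characters writes past the end of dst.
   Shown for contrast only; main() never calls it with data that does not fit. */
void copy_unchecked(char dst[BUF_SIZE], const char *src)
{
    strcpy(dst, src);   /* bug: no bounds check */
}

/* Does src (plus its NUL terminator) fit in a buffer of dst_size bytes? */
int fits(size_t dst_size, const char *src)
{
    return strlen(src) + 1 <= dst_size;
}

/* The check the slide asks for: compare the input length with the buffer
   size *before* copying. Returns 1 and copies on success; returns 0 and
   leaves dst as an empty string when the data would not fit. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return 0;
    if (!fits(dst_size, src)) {
        dst[0] = '\0';
        return 0;
    }
    memcpy(dst, src, strlen(src) + 1);   /* +1 copies the terminating NUL */
    return 1;
}

int main(void)
{
    char buf[BUF_SIZE];
    const char *short_input = "hello";                            /* constructed */
    const char *long_input  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 32 bytes, constructed */

    printf("checked copy of short input accepted: %d\n",
           copy_checked(buf, sizeof buf, short_input));
    printf("checked copy of long input accepted:  %d\n",
           copy_checked(buf, sizeof buf, long_input));

    /* copy_unchecked(buf, long_input) would corrupt the stack; the
       unchecked version is only safe when the caller already knows
       the data fits, which is exactly the knowledge it fails to verify. */
    copy_unchecked(buf, short_input);
    printf("unchecked copy of short input: %s\n", buf);
    return 0;
}
```

The boundary cases, an input of exactly `BUF_SIZE - 1` characters (fits, because of the NUL terminator) and one of `BUF_SIZE` characters (does not), are the test cases the slide says testers rarely think to write; a checklist item for "every fixed-size buffer has a length check before the copy" catches the unchecked form in review.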