Buffer
Overflow Intro. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G.
Hogle.
http://sfsecurity.pr.erau.edu
Patty knows that a buffer overflow will ovewrite the return point to go to her program
68, the ASCII representation for a
“D”, is put in mailbox #78. But mailbox #78 was being used to store the return address!
Now when Norman is finished with the
GetLastName() subroutine, he will read a
68 as the return address instead of the real
return address.
He’ll then begin executing
instructions at mailbox #68, which is Patty’s
instructions to steal Norman and make him do what Patty wants instead of what Alice wants (Patty’s
hijacking subroutine, if treated as ASCII, just
so happens to spell out SOLZHENGRA).