Buffer
Overflow Intro. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G.
Hogle.
http://sfsecurity.pr.erau.edu
How could a computer (or programmer) be so dumb?
•The computer (or programmer) should check the size of the buffer first before trying to put all of
the data into it.
•Popular languages like C/C++ don’t automatically check the bounds of the buffer.
•Programmers who use C/C++ are responsible for performing this check. Often they don’t.
•Programming shops often don’t use checklists to spot this type of error
and often testers don’t think
of trying to make buffer overflows show up
Answer:
Modern software practice is sloppy, and buffer overflows get through (see the life
cycle).•The
problem can be a lot more complex when you start talking about supporting international character
sets and copying/formatting/processing
buffers that store different kinds of things.
The
problem can be a lot more complex when you start talking about supporting international character
sets and copying/formatting/processing
buffers that store different kinds of things.