This works through the utilization of user input. If the information size isn't checked properly before process the information in sure ways in which, it will become prone to a buffer overflow attack.
Protecting from buffer overflow :
we will be using the c-sharp console application(CLI) as an example.
First create a byte array which we will use to store the user input in next, notice that we are giving it a fixed size of 255 bytes.
byte[] byt = new byte[255];
Now we will get some user input.
Console.Readline()
Now let's convert it to a byte array.
Encoding.Default.GetBytes(Console.ReadLine())
Now set it to our previously declared 'bytes' byte array with a fixed size of 255 bytes...
byt = Encoding.Default.GetBytes(Console.ReadLine());
The vulnerability here is that the user can be inputting a string of 256+ bytes or characters so once converted to bytes, it'll be rather more than the 'bytes'; byte array will handle - a most of 255.
To fix this, we are able to merely check the byte count 1st before setting it to the 'bytes' byte array...
string readLine = Console.ReadLine();
if (Encoding.Default.GetBytes(readLine).Length <= 255) {
byt = Encoding.Default.GetBytes(readLine);
}
Now, if the user enters a string that once regenerate to byte is larger than the 'bytes' byte array will handle, it merely will not arrange to set the 'bytes' byte array to the new input.
