buffer overflow attack is once the user purposely enters an excessive amount of data in such the way that the program can spill the information across completely different memory locations which can cause bad behavior like opening another vulnerability for the attack to use.
This works through the utilization of user input. If the information size isn't checked properly before process the information in sure ways in which, it will become prone to a buffer overflow attack.
Protecting from buffer overflow :
we will be using the c-sharp console application(CLI) as an example.
First create a byte array which we will use to store the user input in next, notice that we are giving it a fixed size of 255 bytes.
byte[] byt = new byte[255];
Now we will get some user input.
Console.Readline()
Now let's convert it to a byte array.
Encoding.Default.GetBytes(Console.ReadLine())
Now set it to our previously declared 'bytes' byte array with a fixed size of 255 bytes...
byt = Encoding.Default.GetBytes(Console.ReadLine());
The vulnerability here is that the user can be inputting a string of 256+ bytes or characters so once converted to bytes, it'll be rather more than the 'bytes'; byte array will handle - a most of 255.
To fix this, we are able to merely check the byte count 1st before setting it to the 'bytes' byte array...
string readLine = Console.ReadLine();
if (Encoding.Default.GetBytes(readLine).Length <= 255) {
byt = Encoding.Default.GetBytes(readLine);
}
This works through the utilization of user input. If the information size isn't checked properly before process the information in sure ways in which, it will become prone to a buffer overflow attack.
Protecting from buffer overflow :
we will be using the c-sharp console application(CLI) as an example.
First create a byte array which we will use to store the user input in next, notice that we are giving it a fixed size of 255 bytes.
byte[] byt = new byte[255];
Now we will get some user input.
Console.Readline()
Now let's convert it to a byte array.
Encoding.Default.GetBytes(Console.ReadLine())
Now set it to our previously declared 'bytes' byte array with a fixed size of 255 bytes...
byt = Encoding.Default.GetBytes(Console.ReadLine());
The vulnerability here is that the user can be inputting a string of 256+ bytes or characters so once converted to bytes, it'll be rather more than the 'bytes'; byte array will handle - a most of 255.
To fix this, we are able to merely check the byte count 1st before setting it to the 'bytes' byte array...
string readLine = Console.ReadLine();
if (Encoding.Default.GetBytes(readLine).Length <= 255) {
byt = Encoding.Default.GetBytes(readLine);
}
Now, if the user enters a string that once regenerate to byte is larger than the 'bytes' byte array will handle, it merely will not arrange to set the 'bytes' byte array to the new input.