Fixing Buffer Overflows

TL;DR

Buffer overflows happen when a program tries to write more data into a memory area than it’s allowed, potentially crashing the program or letting attackers take control. This guide shows you how to prevent them by using safer coding practices and tools.

What is a Buffer Overflow?

Imagine a box that can only hold 10 items. If you try to put 15 items in it, some will spill over the sides – that’s similar to a buffer overflow. In computers, ‘boxes’ are areas of memory called buffers. A program might use a buffer to store text or other data.

How Do Buffer Overflows Happen?

They usually happen when:

• Using unsafe functions: Some older C/C++ functions (like strcpy, gets) don’t check the size of the input before copying it into a buffer.
• Incorrect size calculations: If you manually calculate how much space you need for a buffer and get it wrong, you can create an overflow.
• Missing bounds checking: Not verifying that user-provided data fits within the allocated buffer.

How to Prevent Buffer Overflows

1. Use Safe Functions: Replace unsafe functions with their safer alternatives.
   • Instead of strcpy, use strncpy. strncpy takes a maximum length argument to prevent writing beyond the buffer’s size.
   • Instead of gets, use fgets. fgets also requires you to specify the maximum number of characters to read.

   // Unsafe: strcpy(destination, source);

   // Safer: strncpy(destination, source, sizeof(destination) - 1); destination[sizeof(destination) - 1] = ' ';

2. Check Input Lengths: Always validate the length of user input before copying it into a buffer.

   int input_length = strlen(user_input);
   if (input_length >= sizeof(buffer)) {
     // Handle error - input is too long!
   } else {
     strcpy(buffer, user_input); // Still use strncpy for extra safety
   }

3. Allocate Enough Memory: Make sure your buffers are large enough to hold the expected data. Consider the maximum possible length of input and add some extra space.

   char buffer[1024]; // Allocate a 1024-byte buffer

4. Use Bounds Checking: Explicitly check that you’re not writing beyond the boundaries of your buffers. This is especially important when working with arrays and pointers.

   for (int i = 0; i < input_length && i < sizeof(buffer) - 1; ++i) {
     buffer[i] = user_input[i];
   }
   buffer[sizeof(buffer) - 1] = ' '; // Null-terminate the string

5. Compile with Buffer Overflow Protection: Modern compilers offer features to help detect and prevent buffer overflows.
   • Stack Canaries: These are random values placed on the stack before function return addresses. If a buffer overflow overwrites the canary, the program detects it and terminates.
   • Address Space Layout Randomization (ASLR): This makes it harder for attackers to predict where important data is located in memory.
   • Data Execution Prevention (DEP) / No-Execute (NX): This prevents code from being executed from data regions of memory, making it more difficult for attackers to inject and run malicious code.

   To enable these protections when compiling with GCC or Clang, use flags like -fstack-protector-all (for stack canaries), -pie -fPIE (for ASLR) and the compiler will usually enable DEP/NX by default.

6. Use a Code Analysis Tool: Static code analysis tools can scan your code for potential buffer overflow vulnerabilities. Examples include Coverity, SonarQube, and cppcheck.

Testing for Buffer Overflows

You can test for buffer overflows using fuzzing tools (like AFL) or by manually crafting inputs that are larger than the expected buffer size. Look for crashes or unexpected behavior.