Programs written in C are inherently vulnerable to buffer overflow
attacks. Functions are frequently passed pointers as parameters
without any hint of the sizes of the buffers they reference. Since
those sizes are unknown, most run-time buffer overflow detection
techniques instead rely on signatures of known attacks or loosely
estimate the range of the referenced buffers. Although they are effective in detecting most
attacks, they are not infallible. In this paper we present a buffer
overflow detection technique that range checks the referenced buffers
at run time. Our solution is a small extension to a generic C compiler
that augments executable files with type information of automatic
buffers (local variables and parameters of functions) and static
buffers (global variables in the data/bss sections) in order to detect
the actual occurrence of buffer overflow. It also maintains the sizes
of allocated heap buffers. A simple implementation is described, with
which we currently protect vulnerable copy functions in the C library.
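
A minimal sketch of the run-time range check described above, as an added example that is not the paper's implementation. A hand-filled table stands in for the compiler-emitted type information, and the names `register_buf`, `room_from`, `checked_strcpy` and `demo_buf` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the type table the compiler would emit:
   one entry per buffer whose address range is known at run time. */
struct buf_info { const char *base; size_t size; };
static struct buf_info table[16];
static size_t n_bufs;
char demo_buf[8];                       /* constructed sample buffer */

/* Record a buffer's range; 0 on success, -1 if the table is full. */
int register_buf(const void *base, size_t size)
{
    if (n_bufs == sizeof table / sizeof table[0]) return -1;
    table[n_bufs].base = base;
    table[n_bufs].size = size;
    n_bufs++;
    return 0;
}

/* Bytes from p to the end of the buffer containing p; 0 if p is unknown. */
size_t room_from(const void *p)
{
    uintptr_t a = (uintptr_t)p;
    for (size_t i = 0; i < n_bufs; i++) {
        uintptr_t lo = (uintptr_t)table[i].base;
        if (a >= lo && a - lo < table[i].size)
            return table[i].size - (a - lo);
    }
    return 0;
}

/* Range-checked strcpy: 0 copied, -1 would overflow, -2 unknown destination. */
int checked_strcpy(char *dst, const char *src)
{
    size_t room = room_from(dst);
    if (room == 0) return -2;
    if (strlen(src) + 1 > room) return -1;  /* +1 for the terminating NUL */
    strcpy(dst, src);
    return 0;
}

int main(void)
{
    register_buf(demo_buf, sizeof demo_buf);
    printf("fits: %d\n", checked_strcpy(demo_buf, "1234567"));
    printf("too long: %d\n", checked_strcpy(demo_buf, "12345678"));
    printf("interior pointer: %d\n", checked_strcpy(demo_buf + 4, "abcd"));
    return 0;
}
```

The interior-pointer case shows why the check needs the buffer's range rather than only its declared size: the room left depends on where inside the buffer the destination pointer lands.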