Document Type
Article
Date
2002
Keywords
Buffer overflow, format string overflow, array and pointer range checking, Linux, ELF
Language
English
Disciplines
Computer Sciences
Description/Abstract
This article surveys representative techniques of exploiting buffer overflow and format string overflow vulnerabilities and their currently available defensive measures. We also describe our buffer overflow detection technique that range checks the referenced buffers at run time. We augment executable files with type information of automatic buffers (local variables and parameters of functions) and static buffers (global variables in the data/bss section), and maintain the sizes of allocated heap buffers in order to detect an actual occurrence of buffer overflow. We describe a simple implementation with which we currently protect vulnerable copy functions in the C library.
Recommended Citation
Lhee, Kyung-suk and Chapin, Steve J., "Buffer Overflow and Format String Overflow Vulnerabilities" (2002). Electrical Engineering and Computer Science - All Scholarship. 96.
https://surface.syr.edu/eecs/96
Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.