It's UWAweek 47

help3007

This forum is provided to promote discussion amongst students enrolled in CITS3007 Secure Coding. If posting a question, it's suggested you check first whether your question is answered in the unit Frequently Asked Questions (FAQ) list, and use the search box (on the right) to see if an answer to your question has already been posted.

Please consider offering answers and suggestions to help other students! And if you fix a problem by following a suggestion here, it would be great if other interested students could see a short "Great, fixed it!"  followup message.

Note that any posts must comply with the UWA Code of Conduct and the UWA Academic Conduct Policy. That means you should (a) treat everyone with respect and courtesy, and (b) not post your solutions to an assessment that's in progress.

If asking a programming question, it's recommended you read How do I ask a good question? If reporting or troubleshooting a bug in software used in the unit, it's recommend you read How to report bugs effectively.
Displaying the 2 articles in this topic
Showing 2 of 170 articles.
Currently 26 other people reading this forum.


 UWA week 12 (1st semester, week 4) ↓
SVG not supported

Login to reply

👍?
helpful
3:13pm Mon 18th Mar, ANONYMOUS

Hi. In the last lecture, it was said that "“buf” is a local variable, that’s in the current stack frame. The other variables in this code are local variables. Those variables are overwritten, then the return address is overwritten, and then the memory location to go to once the function has finished is overwritten. Parameters are then passed to the function. This is how the stack could be exploited". It was in regards to the following code: #define BUFSIZE 512 ... char buf[BUFSIZE]; printf("Please enter your name <Enter>\n"); gets(buf); Could you further explain this?


SVG not supported

Login to reply

👍?
helpful
1:47pm Tue 19th Mar, Arran S.

Hi.

> In the last lecture, it was said that "“buf” is a local variable, that’s in the current stack frame. The other variables in this code are local variables. Those variables are overwritten, then the return address is overwritten, and then the memory location to go to once the function has finished is overwritten. Parameters are then passed to the function. This is how the stack could be exploited". It was in regards to the following code:
>
> #define BUFSIZE 512
> ...
> char buf[BUFSIZE];
> printf("Please enter your name \n");
> gets(buf);

> Could you further explain this?

Can you clarify exactly what it is you don't understand? Otherwise it's difficult for me to know what needs explaining. (In future, it would also be helpful if you gave the exact slide number you're referring to.)

However, I do note that you've quoted slide 72 of lecture 2 incorrectly. The slide does not say:

The other variables in this code are local variables. Those variables are overwritten, then the return address is overwritten, and then the memory location to go to once the function has finished is overwritten. Parameters are then passed to the function. This is how the stack could be exploited

It says something different, namely:

picture of slide

text version:

So what will be sitting in memory after buf?

buf here is a local variable, sitting in the current stack frame. After it come other local variables, so those will get overwritten; and then the return address, the location in memory to go to once the current function has finished; and then the parameters passed to the current function.

Specifically, note that the slide does not say "parameters are passed"; it says that the parameters that were passed are overwritten.

Refer to slide 49 of the same lecture for details of the structure of a stack frame. The slide shows that the stack frame contains

  • local variables for a function
  • an address to return to
  • parameters passed to the function

and these are exactly the things that slide 72 says are overwritten.

Do you know, in general terms, how a CPU works (the 'fetch-execute' cycle) and how the OS manages processes (e.g. storing the current instruction pointer for a process, pushing and popping stack frames)? If the lecture slide explanation of stack frames is not clear, I'd suggest reviewing your operating systems textbook and what it says about those two topics. Without knowing what textbook you're using, I can't say exactly where they would be discussed; however

  • In Arpaci-Dusseau et al, Operating Systems: Three Easy Pieces, they're discussed in section 4, "Processes".
  • In Wienand, Computer Science from the Bottom Up, it's discussed in section 3.1 "The CPU" and section 5.2 "Elements of a process".

For stack-based buffer overflow attacks specifically, you might find helpful the discussion of stack-based buffer overflows contained in section 2.3, "String Vulnerabilities and Exploits", of Seacord, Secure Coding in C and C++.

I hope that helps. If you've worked through the readings and things are still not clear, feel free to post back and say exactly which parts you had trouble with.

Cheers,

Arran

The University of Western Australia

Computer Science and Software Engineering

CRICOS Code: 00126G
Written by [email protected]
Powered by history
Feedback always welcome - it makes our software better!
Last modified  8:08AM Aug 25 2024
Privacy policy