Write a testing program that contains a heap buffer overflow vulnerability. Show

Question

Write a testing program that contains a heap buffer overflow vulnerability. Show what the heap layout looks like and explain how to exploit it. In particular, please include in your diagram: (1) each chunk of memory allocated by malloc(), (2) their sizes in bytes, (3) metadata of heap as it gets overwritten, (4) the sizes of this metadata in bytes, and (5) which metadata get overwritten and how the attacker controls which value can get written to any arbitrary location in memory. Again, you do not need to write the real exploit code, but you may want to use some figures to make your description clear and concise.

Explanation / Answer

1.Testing Program that contains a heap buffer overflow vulnerability:

#define BUFSIZE 256

int main(int argc, char **argv) {

char *buf;

buf = (char *)malloc(sizeof(char)*BUFSIZE);

strcpy(buf, argv[1]);

}

Heap Area is accessed through pointer buf

The buffer is allocated heap memory with a fixed size, but there is no guarantee the string in argv[1] will not exceed this size and cause an overflow

2. Sizes in Bytes:

32 bytes of heap memory is vunerable. ANd it can be accessed through argv[1].

3.

As the argv[1] is grater than 32Bytes meta data of the heap gets overwritten.

4.

As the argv[1] is grater than 32Bytes meta data of the heap gets overwritten and the memory in heap next to 32 bytes is venarable.

5.

The buffer is allocated heap memory with a fixed size, but there is no guarantee the string in argv[1] will not exceed this size and cause an overflow.32 bytes of heap memory is vunerable. ANd it can be accessed through argv[1].

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.