Parameter Passing and the Call Stack

Similar documents
Buffer overflow background

CPSC 213. Introduction to Computer Systems. Procedures and the Stack. Unit 1e Feb 11, 13, 15, and 25. Winter Session 2018, Term 2

BUFFER OVERFLOW. Jo, Heeseung

Buffer Overflow. Jo, Heeseung

Buffer Overflow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Basic Buffer Overflows

Security Coding Module - Buffer Overflow Data Gone Wild CS1

CPSC 213. Introduction to Computer Systems. Procedures and the Stack. Unit 1e

Data Abstraction and Specification of ADTs

CS4215 Programming Language Implementation

CSE 565 Computer Security Fall 2018

Operator Precedence Lab

Undefined Behaviour in C

CPSC 213. Introduction to Computer Systems. Procedures and the Stack. Unit 1e

Lecture 3: C Programm

Operating-System Structures

Agenda. The main body and cout. Fundamental data types. Declarations and definitions. Control structures

For example, let s say we define an array of char of size six:

Objectives. Chapter 4: Control Structures I (Selection) Objectives (cont d.) Control Structures. Control Structures (cont d.) Relational Operators

Reserve Engineering & Buffer Overflow Attacks. Tom Chothia Computer Security, Lecture 17

Understand Execution of a Program

Chapter 4: Control Structures I (Selection) Objectives. Objectives (cont d.) Control Structures. Control Structures (cont d.

Lecture 4 September Required reading materials for this class

CSC 438 Systems and Software Security, Spring 2014 Instructor: Dr. Natarajan Meghanathan Question Bank for Module 6: Software Security Attacks

Bouncer: Securing Software by Blocking Bad Input

Short Notes of CS201

Homework 5: Exam Review

Hacking in C. Pointers. Radboud University, Nijmegen, The Netherlands. Spring 2019

CS 2150 Exam 1, Spring 2018 Page 1 of 6 UVa userid:

Static Vulnerability Analysis

CS201 - Introduction to Programming Glossary By

CSCI0330 Intro Computer Systems Doeppner. Lab 02 - Tools Lab. Due: Sunday, September 23, 2018 at 6:00 PM. 1 Introduction 0.

Buffer Overflows Defending against arbitrary code insertion and execution

Beta Mobile app Testing guidelines

6. Pointers, Structs, and Arrays. 1. Juli 2011

Programming Studio #9 ECE 190

CHAPTER 7 OBJECTS AND CLASSES

20: Exploits and Containment

ISA564 SECURITY LAB. Code Injection Attacks

Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?

6. Pointers, Structs, and Arrays. March 14 & 15, 2011

Using Static Code Analysis to Find Bugs Before They Become Failures

The Stack ADT. Stacks. The Stack ADT. The Stack ADT. Set of objects in which the location an item is inserted and deleted is prespecified.

CHAPTER 7 OBJECTS AND CLASSES

Exercise 1.1 Hello world

Dynamic Memory Management! Goals of this Lecture!

Buffer overflow is still one of the most common vulnerabilities being discovered and exploited in commodity software.

Binding and Storage. COMP 524: Programming Language Concepts Björn B. Brandenburg. The University of North Carolina at Chapel Hill

CS 211 Programming Practicum Fall 2018

Lecture 6: Recursion RECURSION

mywbut.com Exception Handling

Repetitive Program Execution

CPSC 213. Introduction to Computer Systems. Procedures and the Stack. Unit 1e

Software Vulnerabilities August 31, 2011 / CS261 Computer Security

APCS-AB: Java. Recursion in Java December 12, week14 1

CSCI-1200 Data Structures Spring 2018 Lecture 7 Order Notation & Basic Recursion

Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?

Security and Authentication

PRACTICE-LABS User Guide

Beyond Stack Smashing: Recent Advances in Exploiting. Jonathan Pincus(MSR) and Brandon Baker (MS)

Buffer. This time. Security. overflows. Software. By investigating. We will begin. our 1st section: History. Memory layouts

CMPSC 497 Buffer Overflow Vulnerabilities

EURECOM 6/2/2012 SYSTEM SECURITY Σ

2. Introducing Classes

Dynamic Memory Management

Buffer Overflow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

CSE409, Rob Johnson, Alin Tomescu, November 11 th, 2011 Buffer overflow defenses

Program Security and Vulnerabilities Class 2

CSE 565 Computer Security Fall 2018

ENEE 457: Computer Systems Security. Lecture 16 Buffer Overflow Attacks

7.1 Optional Parameters

Code with red border means vulnerable code. Code with green border means corrected code. This program asks the user for a password with the function

Buffer Overflow. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University

Intrusion Detection and Malware Analysis

Tic Tac Toe Game! Day 8

Your first C++ program

What will happen if we try to compile, link and run this program? Do you have any comments to the code?

Is stack overflow still a problem?

CS 161 Computer Security

C Functions. CS 2060 Week 4. Prof. Jonathan Ventura

Buffer overflow prevention, and other attacks

CS 211 Programming Practicum Spring 2018

3. Except for strings, double quotes, identifiers, and keywords, C++ ignores all white space.

Linked List Implementation of Queues

Pointers II. Class 31

Definition Matching (10 Points)

Data Structures and Algorithms

References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1

Week 5, continued. This is CS50. Harvard University. Fall Cheng Gong

Linux Memory Layout. Lecture 6B Machine-Level Programming V: Miscellaneous Topics. Linux Memory Allocation. Text & Stack Example. Topics.

Operating Systems CMPSCI 377, Lec 2 Intro to C/C++ Prashant Shenoy University of Massachusetts Amherst

CS 103 Lab 6 - Party Like A Char Star

Goals of this Lecture

Control Flow Hijacking Attacks. Prof. Dr. Michael Backes

Adding Contracts to C#

C++ Programming: From Problem Analysis to Program Design, Fourth Edition. Chapter 4: Control Structures I (Selection)

Topics. bool and string types input/output library functions comments memory allocation templates classes

Sungkyunkwan University

CS 645: Lecture 3 Software Vulnerabilities. Rachel Greenstadt July 3, 2013

CS 231 Data Structures and Algorithms, Fall 2016

Transcription:

Parameter Passing and the Call Stack IA Concept: Buffer Overflow Introduction A comparison is often drawn between writing a good program and writing a good essay. While they differ in some distinct ways (i.e. writing more lines of code does not always get you closer to being done), they are also similar in many ways. For instance, you can take all of your thoughts and force them into one giant fivepage paragraph, but this will certainly not produce a coherent essay. Although it is possible that all of your ideas will be expressed, they will not be expressed as cleanly as they would have been if they were broken up. Furthermore anyone reading this essay will be lost in a stream of consciousness. Likewise, in order to write a good program, it is important to break up your thoughts into distinct pieces (often referred to as decomposition). Computer scientists have invested time and effort into building languages and tools that assist programmers in this process. The concept of modularity and objected oriented languages are a result of this, but in this lab we will focus on the most basic tool of decomposition, the method. Methods are coherent blocks of code that encapsulate functionality. However, in order to effectively use methods, one must be able to parameterize a method s arguments through what is known as parameter passing. Parameter passing differs from language to language, and thus computer scientists tend to study the mechanisms behind parameter passing in one language in order to not only become a better programmer in the language they are studying, but also to gain better intuition for how it works in other languages. Furthermore, there are certain classes of issues that are only analyzable through an understanding of how data is manipulated during the execution of a program. This lab focuses on one of those problems, buffer overruns, and shows how understanding the run-time stack in C++ can help to both understand and prevent these fatal errors. In this lab, you will: Review basic parameter-passing concepts Learn about the execution stack in C++ Be able to use this information to exploit a buffer overrun

Review Runtime Stack We begin with a brief review of parameter passing, looking into how the stack is utilized to make it possible. But what is the stack? The stack can be thought of as a stack of plates that grows downward. Whenever a method is called, one of these plates (called a stack frame) is created with enough space to hold all the local variables. When we return from that method the stack frame for that method is popped off the stack, and its data is no more. Let s say for example we have the following C++ code: When main is called, a stack frame is created with enough space for x and y as follows: This stack diagram is a representation of memory in a computer. Memory is laid out logically starting at address 0x0 and ending with address 0xffffffff (notice how the numbers get larger as the stack grows downward.) If we add a method call, in addition to the variables declared inside of it, its 2 parameters are also pushed onto the stack. Say the above program is modified as follows:

We begin by setting up the stack frame for main: Next, we execute the line: int x = 2; This will leave us with the following stack:

But in order to get a value for y, we must first execute the method foo. In order to prepare for foo to be called, main must place some overhead on the stack, then it must push any parameters necessary for foo on the stack. And so, when foo is called, it begins execution with the following execution stack. Because foo is the top plate on the stack, we only see its local variables, thus there is no problem with different variables with identical names as long as they are used in a different method. Continuing execution of the program we have the line: int x = z; Which will write the value of z into x.

Notice that in order to attain the value of z, foo must blindly reach up and assume that main put the correct argument on the stack. Next, we proceed to the line: return x + z; This will have the effect of adding the values of x and y from foo s stack frame and signaling that this value is the return value. After we hit the closing brace we pop the stack frame for foo off the stack, and we are left with the following stack:

Where the 4 was the return value of the function call (foo). At this point the execution of our program is finished. Main will pop the rest of its stack frame, signaling the end of execution. Exercises 1. After perfecting your C++ skills you land an internship as a software engineer at ATM inc. While buggy code is always troublesome, bugs in the ATM code can be particularly harmful and could potentially cause irrefutable damage. As part of your training, you are told to write a simple method that reads and authenticates account numbers and PINs. The method should prompt the user to enter an account number and a PIN (using getline(cin, str)) and check whether the PIN is the correct password for the given account number. Your supervisor has given you the following function: bool isauthentic(char accountnum[], char pin[]); which takes two char arrays containing the 16-digit account number and 4- digit PIN (respectively). isauthentic returns true if the PIN is the correct PIN for the given account number and returns false otherwise. You may assume that the user will only enter numeric characters. The method should return the account number if it authenticates and "" if it does not. (Hint: you must convert the input into two arrays of chars) (you may add #include or #define lines and as many helper functions as you wish)

string getaccountnum() { } Is your code safe from buffer overflows? Why? If the user entered an 8-digit number for the PIN instead of 4-digits, would your program behave correctly? Why? Sometimes, programmers allocate space for local arrays and do not check to see if user input will fit the allocated space. This error is called a buffer overrun. Buffer overruns in Java throw an exception, while in C++ they may go undetected. Are there advantages to the C++ approach of not throwing an exception? If so, what are they?

2. Just when you finish and present your code to your supervisor, someone else on your team says they have also finished the same task and claims that they have written secure code. You investigate and see the following code: string getaccountnum() { char accountnum[16]; char digits[4]; cout << "Enter your 4 digit PIN: "; string pin_str; getline(cin, pin_str); cout << "Enter your 16 digit account number: "; string acc_num; getline(cin, acc_num); for (int j = 0; j < acc_num.length; j++) { accountnum[j] = acc_num[j]; } for (int i = 0; i < pin_str.length; i++) { digits[i] = pin_str[i]; } } if (isauthentic(accountnum, digits)) { return acc_num; } return ""; What is wrong with the code above? Assume the user inputs 12345678 for the PIN and 1111222233334444 for the account number. Fill in a stack diagram just before isauthentic is called. (Note: the stack grows downward, but arrays on the stack are arranged in the opposite direction, as shown below.)

Security Implications In 2001, a computer worm, dubbed Code Red, was observed on the Internet. Released on July 13th, Code Red infiltrated 359,000 hosts, the largest group of computers infected, by July 19, 2001. The worm spread itself by taking advantage of a buffer overflow vulnerability; in fact, the vulnerability that the worm exploited was the exact same as the one from problem 2 above! The worm used a long string of the repeated character N to overflow a buffer. The string of N s was so long, in fact, that it overflowed past the local variables and into the metadata of a function, allowing the worm to execute the string following the last N as computer instructions and infect the machine. The effects of the worm included: Defaced the affected web site to display: HELLO! Welcome to http://www.worm.com! Hacked by Chinese! Launched denial of service attacks on several fixed IP addresses. The IP address of the white House web server was amount those. For more information about the Code Red worm, you may visit these links: http://www.unixwiz.net/techtips/coderedii.html http://www.caida.org/research/security/code-red/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback