Why do we need Pointers? Call by Value vs. Call by Reference in detail Implementing Arrays Buffer Overflow / The Stack Hack

Similar documents
Chapter 16 Pointers and Arrays

Chapter 16 Pointers and Arrays

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Pointers and Arrays

n Address of a variable in memory n Allows us to indirectly access variables ! Array n A list of values arranged sequentially in memory

Chapter 16. Pointers and Arrays. Address vs. Value. Another Need for Addresses

Pointers and Arrays A QUICK PREVIEW OF FOR CHAPTERS 10 AND 11 CMPE13. Cyrus Bazeghi

CS 2461: Computer Architecture I

Buffer Overflow. Jo, Heeseung

BUFFER OVERFLOW. Jo, Heeseung

Buffer Overflow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Linux Memory Layout. Lecture 6B Machine-Level Programming V: Miscellaneous Topics. Linux Memory Allocation. Text & Stack Example. Topics.

Buffer Overflow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Buffer Overflow. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University

Sungkyunkwan University

Linux Memory Layout The course that gives CMU its Zip! Machine-Level Programming IV: Miscellaneous Topics Sept. 24, Text & Stack Example

Introduction to Computer Systems , fall th Lecture, Sep. 28 th

Machine-Level Programming V: Miscellaneous Topics Sept. 24, 2002

Giving credit where credit is due

Buffer overflows (a security interlude) Address space layout the stack discipline + C's lack of bounds-checking HUGE PROBLEM

Buffer overflows. Specific topics:

211: Computer Architecture Summer 2016

Buffer Overflows. Buffer Overflow. Many of the following slides are based on those from

Computer Systems CEN591(502) Fall 2011

Basic Buffer Overflows

Machine-Level Programming IV: Structured Data

CSC 252: Computer Organization Spring 2018: Lecture 9

Machine-Level Prog. V Miscellaneous Topics

Program Security and Vulnerabilities Class 2

Machine Programming 5: Buffer Overruns and Stack Exploits

Machine-Level Programming V: Buffer overflow

(Early) Memory Corruption Attacks

Buffer Overflows. CSE 351 Autumn 2018

Quick Note on Memory 198:211 Computer Architecture

Buffer Overflows Defending against arbitrary code insertion and execution

Machine-Level Programming V: Advanced Topics

Buffer Overflows. CSE 351 Autumn Instructor: Justin Hsia

Buffer Overflows. CSE 410 Winter Kathryn Chan, Kevin Bi, Ryan Wong, Waylon Huang, Xinyu Sui

Machine- Level Programming V: Advanced Topics

Midterm 1 Review. Introduction to Programming in C. General. Turing Machine. Universal Turing Machine

Memory Corruption 101 From Primitives to Exploit

Fundamentals of Computer Security

Pointers. Memory. void foo() { }//return

2 Sadeghi, Davi TU Darmstadt 2012 Secure, Trusted, and Trustworthy Computing Chapter 6: Runtime Attacks

Lecture 4 September Required reading materials for this class

CSCE 548 Building Secure Software Buffer Overflow. Professor Lisa Luo Spring 2018

Machine-Level Prog. V Miscellaneous Topics

Machine-Level Programming V: Advanced Topics

G Programming Languages - Fall 2012

One-Slide Summary. Lecture Outline. Language Security

Binary Representation. Decimal Representation. Hexadecimal Representation. Binary to Hexadecimal

Decimal Representation

CMPSC 497 Buffer Overflow Vulnerabilities

Computer Science & Engineering 150A Problem Solving Using Computers

CSE 565 Computer Security Fall 2018

CPSC 213. Introduction to Computer Systems. Procedures and the Stack. Unit 1e Feb 11, 13, 15, and 25. Winter Session 2018, Term 2

Agenda. Peer Instruction Question 1. Peer Instruction Answer 1. Peer Instruction Question 2 6/22/2011

CNIT 127: Exploit Development. Ch 1: Before you begin. Updated

Machine-level Programs Adv. Topics

Pointer Basics. Lecture 13 COP 3014 Spring March 28, 2018

High-performance computing and programming Intro to C on Unix/Linux. Uppsala universitet

Arrays, Strings, & Pointers

Chapter 11 Introduction to Programming in C

CSE 509: Computer Security

Pointers, Arrays, and Strings. CS449 Spring 2016

Buffer overflow background

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING

Beyond Stack Smashing: Recent Advances in Exploiting. Jonathan Pincus(MSR) and Brandon Baker (MS)

COSC121: Computer Systems: Runtime Stack

Computer Programming Lecture 12 Pointers

Introduction to Scientific Computing and Problem Solving

Lecture 4: Outline. Arrays. I. Pointers II. III. Pointer arithmetic IV. Strings

Software Security: Buffer Overflow Attacks (continued)

Machine-Level Programming V: Advanced Topics

Chapter 11 Introduction to Programming in C

12/11/ The TOY Machine II. Data Representation. What We've Learned About TOY. What We Do Today. Adding and Subtracting Binary Numbers

Computer Systems Lecture 9

Betriebssysteme und Sicherheit Sicherheit. Buffer Overflows

5. The TOY Machine II

CS 645: Lecture 3 Software Vulnerabilities. Rachel Greenstadt July 3, 2013

Scope: Global and Local. Concept of Scope of Variable

컴퓨터개념및실습. 기말고사 review

Software Security: Buffer Overflow Defenses

Practical Malware Analysis

Buffer-Overflow Attacks on the Stack

Language Security. Lecture 40

CPSC 213. Introduction to Computer Systems. Procedures and the Stack. Unit 1e

Lecture 9 Assertions and Error Handling CS240

Chapter 11 Introduction to Programming in C


CS201 Lecture 2 GDB, The C Library

211: Computer Architecture Summer 2016

3/7/2018. Sometimes, Knowing Which Thing is Enough. ECE 220: Computer Systems & Programming. Often Want to Group Data Together Conceptually

CPSC 213. Introduction to Computer Systems. Procedures and the Stack. Unit 1e

Secure Programming I. Steven M. Bellovin September 28,

Problem Solving in C. Stepwise Refinement. ...but can stop refining at a higher level of abstraction. Same basic constructs. as covered in Chapter 6

CS 161 Computer Security

CYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output

2/9/18. CYSE 411/AIT681 Secure Software Engineering. Readings. Secure Coding. This lecture: String management Pointer Subterfuge

CS 61c: Great Ideas in Computer Architecture

We will focus on Buffer overflow attacks SQL injections. See book for other examples

Transcription:

Chapter 16 Why do we need Pointers? Call by Value vs. Call by Reference in detail Implementing Arrays Buffer Overflow / The Stack Hack

A problem with parameter passing via stack Consider the following function that's designed to swap the values of its arguments. void Swap(int firstval, int secondval){ int tempval = firstval; firstval = secondval; secondval = tempval; } int main () { int valuea = 3, valueb = 4; Swap (valuea, valueb); 2

Executing the Swap Function before call after call Swap 3 tempval These values changed... R6 3 4 4 3 R6 firstval secondval valueb valuea main 4 3 4 3 firstval secondval valueb valuea...but these did not. 3

Pointers and Arrays Functions such as the swap example need to be able access variables stored in memory locations outside of their own activation record A function s activation record defines its scope We've seen examples of how to do this in Assembly. Pointer Address of a variable in memory Allows us to indirectly access variables in other words, we can talk about its address rather than its value Array (still a pointer!) An area of allocated memory with values arranged sequentially Expression a[4] refers to the 5th element of the array a The array variable is a pointer to the base of the array Base + offset Thus the first element is 0 4

Pointers in C C lets us talk about and manipulate addresses as pointer variables But first, lets refresh the somewhat confusing bits. &: The address-of or reference operator This operator does one thing. It returns the address of the variable which follows #include <stdio.h> int main() { int x = 0; printf("address of x "); printf("= 0x%p \n", &x); return 0; } Output: Address of x = 0x0065FDF4 5

Pointers in C How do we store addresses? Pointer variables! Although all pointers in C are exactly the same type (address) they are also typed by the compiler so that the data to which they refer can be appropriately interpreted. A pointer in C is always a pointer to a particular data type: int*, double*, char*, etc. Declaration int *p; /* p is a pointer to an int */ Operators *p -- returns the value pointed to by p (indirect address / dereference op) &z -- returns the address of variable z (address-of operator) Important point of common confusion! * means a pointer variable when used in a declaration * means access the information that this address points to elsewhere What does *3 mean? 6

Check for understanding #include <stdio.h> int main() { int x = 12; int *ptr = &x; printf("address of x:\t 0x%p\n", ptr); printf("address of x:\t 0x%x\n", &x); printf("address of ptr:\t 0x%x\n", &ptr); printf("value of x:\t %d\n", *ptr); Address of x: 0x0065FDF4 Address of x: 0x65fdf4 Address of ptr: 0x65fdf0 Value of x: 12 } return 0; 7

Check for understanding #include <stdio.h> int main() { int x[10] = {0,1,2,3,4,5,6,7,8,9}; printf("address of x[0]:\t 0x%p\n", &x[0]); printf("address of x:\t 0x%p\n", x); printf("value of x[0]:\t %d\n", x[0]); printf("value of x[0]:\t %d\n", *x); } return 0; Address of x[0]: 0x0065FDD0 Address of x: 0x0065FDD0 Value of x[0]: 0 Value of x[0]: 0 8

Example int i; int *ptr; store the value 4 into the memory location associated with i i = 4; ptr = &i; *ptr = *ptr + 1; store the address of i into the memory location associated with ptr store the result into memory at the address stored in ptr read the contents of memory at the address stored in ptr 9

Example: LC-3 Code ; i is 1st local (offset 0), ptr is 2nd (offset -1) ; i = 4; AND R0, R0, #0 ; clear R0 ADD R0, R0, #4 ; put 4 in R0 STR R0, R5, #0 ; store in i ; ptr = &i; ADD R0, R5, #0 ; R0 = R5 + 0 (addr of i) STR R0, R5, #-1 ; store in ptr ; *ptr = *ptr + 1; LDR R0, R5, #-1 ; R0 = ptr LDR R1, R0, #0 ; load contents (*ptr) ADD R1, R1, #1 ; add one STR R1, R0, #0 ; store result where R0 points Name Type Offset Scope i ptr R6 R5 int Int* xf000 0-1 xeffc 4 xxxx xxxx xxxx main main ptr i fp pc ret 10

Call by reference Passing a pointer as an argument allows the function to read/change memory outside its activation record. But not the pointer itself! If you wanted to change the pointer itself, what would you need to do? void NewSwap(int *firstval, int *secondval) { int tempval = *firstval; } *firstval = *secondval; *secondval = tempval; Arguments are integer pointers. Caller passes addresses of variables that it wants function to change. 11

Passing Pointers to a Function main() wants to swap the values of valuea and valueb NewSwap(&valueA, &valueb); LC-3 Code for main: ADD R0, R5, #-1 ; addr of valueb ADD R6, R6, #-1 ; push STR R0, R6, #0 ADD R0, R5, #0 ; addr of valuea ADD R6, R6, #-1 ; push STR R0, R6, #0 R6 R5 xeffd xeffa xeff9 4 3 firstval secondval valueb valuea 12

Code Using Pointers Inside the NewSwap routine ; int tempval = *firstval; LDR R0, R5, #4 ; R0=xEFFA LDR R1, R0, #0 ; R1=M[xEFFA]=3 STR R1, R5, #0 ; tempval=3 ; *firstval = *secondval; LDR R1, R5, #5 ; R1=xEFF9 LDR R2, R1, #0 ; R1=M[xEFF9]=4 STR R2, R0, #0 ; M[xEFFA]=4 ; *secondval = tempval; LDR R2, R5, #0 ; R2=3 STR R2, R1, #0 ; M[xEFF9]=3 R6 R5 9 A B C xeffd 3 xeffa xxxx xxxx xeffa xeff9 3 4 tempval dynlnk retaddr retval firstval secondval valueb valuea 13

Pointer arithmetic Pointer arithmetic If ptr is a pointer, what is ptr = ptr + 1? It depends on the size of the data pointed to by ptr!! On a x86 (byte addressable) machine int* ptr; ptr = ptr + 1; /* ptr increases by 2 */ long* ptr; ptr = ptr + 1; /* ptr increases by 4 */ Sometimes we want a pointer that points to nothing. In other words, we declare a pointer, but have nothing to point to (yet). int *p; p = NULL; /* p is a null pointer */ NULL is a predefined macro that contains a value that a non-null pointer should never hold. Often, NULL = 0, because Address 0x00000000 is not a legal address for most programs on most platforms BUT it depends on the machine! 14

Using Arguments for Results Pass address of variable where you want result stored useful for multiple results Example: return value via pointer return status code as function result This solves the mystery of why & with argument to scanf: scanf("%d ", &datain); But what about: scanf( %s, &buffer);?? read a decimal integer and store in datain 15

Arrays Declaration type variablename [size]; All elements are the same type/size Number of elements known at compile time Reference variablename [num] Accesses num-th 1 entry in array Numbering starts from 0 No limit checking at compile- or run-time Array elements can be allocated as part of the activation record (local) or in global memory int grid[10]; First element (grid[0]) is at lowest address of allocated space If grid is only local variable allocated, then R5 will point to grid[9] grid[0] grid[1] grid[2] grid[3] grid[4] grid[5] grid[6] grid[7] grid[8] grid[9] 16

Array code for LC-3 ; x = grid[3] + 1 ADD R0, R5, #-9 ; R0 = &grid[0] LDR R1, R0, #3 ; R1 = grid[3] ADD R1, R1, #1 ; plus 1 STR R1, R5, #-10 ; x = R1 ; grid[6] = 5; AND R0, R0, #0 ADD R0, R0, #5 ; R0 = 5 ADD R1, R5, #-9 ; R1 = &grid[0] STR R0, R1, #6 ; grid[6] = R0 Name Type Offset Scope grid x int int* -9-10 main main R5 x grid[0] grid[1] grid[2] grid[3] grid[4] grid[5] grid[6] grid[7] grid[8] grid[9] 17

More Array code for LC-3 ; grid[x+1] = grid[x] + 2 LDR R0, R5, #-10 ; R0 = x ADD R1, R5, #-9 ; R1 = &grid[0] ADD R1, R0, R1 ; R1 = &grid[x] LDR R2, R1, #0 ; R2 = grid[x] ADD R2, R2, #2 ; add 2 LDR R0, R5, #-10 ; R0 = x ADD R0, R0, #1 ; R0 = x+1 ADD R1, R5, #-9 ; R1 = &grid[0] ADD R1, R0, R1 ; R1 = &grix[x+1] STR R2, R1, #0 ; grid[x+1] = R2 Name Type Offset Scope grid x int int* -9-10 main main R5 x grid[0] grid[1] grid[2] grid[3] grid[4] grid[5] grid[6] grid[7] grid[8] grid[9] 18

Arrays are Pointers char word[10]; char *cptr; cptr = word; /* points to word[0] */ Note that you CAN change cptr, but you CANNOT change word. What is the difference between them? Each line below gives three equivalent expressions: cptr word &word[0] (cptr + n) (word + n) &word[n] *cptr *word word[0] *(cptr + n) *(word + n) word[n] 19

Multi-dimensional arrays How do you layout a multi-dimensional array in one-dimensional memory? Array layout is critical for correctly passing arrays between programs written in different languages. It is also important for performance when traversing an array because accessing array elements that are contiguous in memory is usually faster than accessing elements which are not, due to caching. Row-major order In row-major storage, a multidimensional array in linear memory is accessed such that rows are stored one after the other. { {1, 2, 3}, {4, 5, 6} } is stored 1, 2, 3, 4, 5, 6 offset = row*numcols + column Column-major order Row-major order is used in C, C++, Java, and most modern languages. Column-major order is used in Fortran and Matlab. 20

Passing Arrays as Arguments C passes arrays by reference the address of the array (i.e., of the first element) is written to the function's activation record otherwise, would have to copy each element main() { int numbers[max_nums]; mean = Average(numbers); } int Average(int inputvalues[max_nums]) { for (index = 0; index < MAX_NUMS; index++) sum = sum + indexvalues[index]; return (sum / MAX_NUMS); } Note: Size of static array must be known at compile time, so MAX_NUMS must be a constant 21

A String is an Array of Characters Allocate space for a string just like any other array: char outputstring[16]; Space for string must contain room for terminating zero. Special syntax for initializing a string: char outputstring[16] = "Result = "; which is the same as: outputstring[0] = 'R'; outputstring[1] = 'e'; outputstring[2] = 's';... outputstring[9] = '\0'; 22

I/O with Strings Printf and scanf use "%s" format character for string Printf -- print characters up to terminating zero printf("%s", outputstring); Scanf -- read characters until whitespace, store result in string, and terminate with zero scanf("%s", inputstring); 23

Common Pitfalls with Arrays in C Overrun array limits There is no checking at run-time or compile-time to see whether reference is within array bounds. int array[10]; int i; for (i = 0; i <= 11; i++) array[i] = 0; What will happen? Think about the activation record! Declaration with variable size Size of array must be known at compile time. void SomeFunction(int num_elements) { int temp[num_elements]; } 24

Pointer Arithmetic Address calculations depend on size of elements In our LC-3 code, we've been assuming one word per element. e.g., to find 4th element, we add 4 to base address It's ok, because we've only shown code for int and char, both of which take up one word. If double, we'd have to add 8 to find address of 4th element. C does size calculations under the covers, depending on size of item being pointed to: double x[10]; double *y = x; *(y + 3) = 13; allocates 20 words (2 per element) same as x[3] -- base address plus 6 25

How important is understanding memory? C does not enforce memory safety Many ways to access memory illegally Accessing an array out of bounds Bad pointer arithmetic manipulations Some memory bugs come into play only rarely When manipulating large files/strings, etc. Accessing an array out of bounds Bad pointer arithmetic manipulations Crash errors: Program accesses illegal memory (SEG Fault) OK for user programs, not so good for OS programs Non-crash errors: Strange glitches, magic results Intentional exploits: These bugs are repeatable and can be exploited to cause great harm 26

Consider: How can memory be exploited? void read_array() { int array[6]; int index; int hex; } index = 0; do { hex = gethexinput(); array[index] = hex; index++; } until (hex == 0); // code to manipulate data 27

Consider: Prologue void read_array() { int array[6]; int index; int hex;.orig x3000 READ_AR ADD R6, R6, #-1 ; push return ADD R6, R6, #-1 ; push ret link STR R7, R6, #0 ADD R6, R6, #-1 ; push frame ptr STR R5, R6, #0 ; ADD R5, R6, #-1 ; set frame ptr index = 0; do { hex = gethexinput(); ADD R6, R6, #-6 ; int array[6] (#0-#-5) ADD R6, R6, #-1 ; int index (#-6) ADD R6, R6, #-1 ; int hex (#-7) array[index] = hex; index++; } until (hex == 0); ADD R6, R6, #-1 ; Callee save R0 (#-8) STR R0, R5, #-8 ADD R6, R6, #-1 ; Callee save R1 (#-9) STR R1, R5, #-9 } // code to manipulate data AND R0, R0, #0 ; index = 0 STR R0, R5, #-1 ; 28

Consider: Body void read_array() { int array[6]; int index; int hex; index = 0; do { hex = gethexinput(); array[index] = hex; index++; } until (hex == 0); // code to manipulate data } NEXT TRAP x40 ; hex = gethexinput() STR R0, R5, #-7 ; ; array[index] = hex LDR R0, R5, #-6 ; R0 <- index ADD R1, R5, #-5 ; R1 <- &array[0] ADD R1, R1, R0 ; R1 <- &array[index] LDR R0, R5, #-7 ; R0 <- hex STR R0, R1, #0 ; array[index] = hex LDR R1, R5, #-6 ; index++ ADD R1, R1, #1 STR R1, R5, #-6 LDR R0, R5, #-7 ; until (hex = 0) BRnp NEXT 29

Consider: Epilogue void read_array() { int array[6]; int index; int hex; LDR R1, R5, #-9 ; Callee restore R1 ADD R6, R6, #1 LDR R0, R5, #-8 ; Callee restore R0 ADD R6, R6, #1 ADD R6, R6, #8 ; Pop locals } index = 0; do { hex = gethexinput(); array[index] = hex; index++; } until (hex == 0); // code to manipulate data.end LDR R5, R6, #0 ; pop frame ptr ADD R6, R6, #1 LDR R7, R6, #0 ; pop ret link ADD R6, R6, #1 RET 30

READ_AR ADD R6, R6, #-1 ; push return ADD R6, R6, #-1 ; push ret link STR R7, R6, #0 ADD R6, R6, #-1 ; push frame ptr STR R5, R6, #0 ; ADD R5, R6, #-1 ; set frame ptr ADD R6, R6, #-6 ; int array[6] (#0-#-5) ADD R6, R6, #-1 ; int index (#-6) ADD R6, R6, #-1 ; int hex (#-7) ADD R6, R6, #-1 ; Callee save R0 (#-8) STR R0, R5, #-8 ADD R6, R6, #-1 ; Callee save R1 (#-9) STR R1, R5, #-9 AND R0, R0, #0 ; index = 0 STR R0, R5, #-6 ; NEXT TRAP x40 ; hex = gethexinput() STR R0, R5, #-7 ; ; array[index] = hex LDR R0, R5, #-6 ; R0 <- index ADD R1, R5, #-5 ; R1 <- &array[0] ADD R1, R1, R0 ; R1 <- &array[index] LDR R0, R5, #-7 ; R0 <- hex STR R0, R1, #0 ; array[index] = hex LDR R1, R5, #-6 ; index++ ADD R1, R1, #1 ; STR R1, R5, #-6 ; LDR R0, R5, #-7 ; until (hex = 0) BRnp NEXT xeff2 xeff3 xeff4 xeff5 xeff6 xeff7 xeff8 xeff9 xeffa xeffb xeffc xeffd xeffe xefff xf000 xf001 31

Stack hack (Smashing the Stack) Exploit a buffer or array overrun Overwrite return link, inject code (processor specific), and take over machine What if the OS can set the stack to be non-executable? void checkaccess() { boolean valid = check_password(); if (valid) { giveaccess(); } else { denyaccess(); } } /* end checkaccess */ 32

String Library Code Implementation of C/C++ function gets No way to specify limit on number of characters to read /* Get string from stdin */ char *gets(char *dest) { int c = getc(); char *p = dest; while (c!= EOF && c!= '\n') { *p++ = c; c = getc(); } *p = '\0'; return dest; } Similar problems with other C/C++ functions strcpy,scanf, fscanf, sscanf, when given %s conversion specification cin (as commonly used in C++) 33

Vulnerable Buffer Code /* Echo Line */ void echo() { char buf[4]; /* Way too small! */ gets(buf); puts(buf); } int main() { printf("type a string:"); echo(); return 0; } 34

Buffer Overflow Executions unix>./bufdemo Type a string:123 123 unix>./bufdemo Type a string:12345 Segmentation Fault unix>./bufdemo Type a string:12345678 Segmentation Fault 35

Malicious Use of Buffer Overflow Stack after call to gets() return address A void foo(){ bar();... } void bar() { char buf[64]; gets(buf);... } data written by gets() A B pad exploit code bar stack frame foo stack frame Input string contains byte representation of executable code Overwrite return address with address of buffer When bar() executes ret, will jump to exploit code 36

Exploits Based on Buffer Overflows Buffer overflow bugs allow remote machines to execute arbitrary code on victim machines. Internet worm Early versions of the finger server (fingerd) used gets() to read the argument sent by the client: finger droh@cs.cmu.edu Worm attacked fingerd server by sending phony argument: finger exploit-code padding new-return-address exploit code: executed a root shell on the victim machine with a direct TCP connection to the attacker. IM War AOL exploited existing buffer overflow bug in AIM clients exploit code: returned 4-byte signature (the bytes at some location in the AIM client) to server. When Microsoft changed code to match signature, AOL changed signature location. 37

Code Red Worm History June 18, 2001. Microsoft announces buffer overflow vulnerability in IIS Internet server July 19, 2001. over 250,000 machines infected by new virus in 9 hours White house must change its IP address. Pentagon shut down public WWW servers for day When We Set Up CS:APP Web Site Received strings of form GET /default.ida?nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn...nnnnnnnnn NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6 858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u 0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 325 "-" "-" 38

Code Red Exploit Code Starts 100 threads running Spread self Generate random IP addresses & send attack string Between 1st & 19th of month Attack www.whitehouse.gov Send 98,304 packets; sleep for 4-1/2 hours; repeat Denial of service attack Between 21st & 27th of month Deface server s home page After waiting 2 hours 39

iphone hack Exploits stack overflow of jpeg display dll (which runs as root) What does this mean about the safety of viewing images, in general? The Safety of using library code, in general? What are your ethical responsibilities? 40

Avoiding Overflow Vulnerability /* Echo Line */ void echo() { char buf[4]; /* Way too small! */ scanf( %3s,&buf); printf( %s,buf); } Use Library Routines that Limit String Lengths Use %ns NOT %s Why %3 above? Do NOT use cin in C++ 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback