Flipped Classroom Lecture 15/9 [RG]: Buffer Overflow
Content
Problems related to memory errors
- Buffer overflows and buffer over-reads
- Effects and attacker strategies
- Stack smashing
- Code injection
- Return-oriented programming
- Other memory errors
The live lecture consists of two parts. In the first part you will be divided into groups, and each group will discuss one problem and a few questions (from previous exams) related to memory errors. At the end of the first part one group presents its solution and we discuss alternatives. In the second part we answer questions about buffer overflows and memory errors.
Please watch the videos and try to solve the previous-exam exercise before the live lecture.
Previous exam problem and questions
Problem
1. Write arguments for the function main that make the program execute do_something even though pwd is neither "1234" nor "abcd" (pwd != "1234" and pwd != "abcd").
2. Explain why this happens.
3. Explain how this problem can be fixed.
#include <string.h>

typedef struct {
    int i;
    int j;
} root;                        /* two ints: 8 bytes */

typedef struct {
    int i;
} user;                        /* one int: 4 bytes */

void do_something(user u);     /* privileged action; defined elsewhere in the exam */

void init(int usertype, void * p) {
    if (usertype == 0) {
        user * u = (user *)p;
        (*u).i = 0;
        return;
    }
    root * r = (root *)p;      /* p is treated as a root: two ints are written through it */
    (*r).i = 0;
    (*r).j = 1;
}

/* Signature as given in the exam; it is not a standard C main */
void main(char * pwd, int usertype) {
    int authenticated = 0;
    user u;
    if (usertype == 0)
        authenticated = (strcmp(pwd, "1234") == 0);
    else
        authenticated = (strcmp(pwd, "abcd") == 0);
    init(usertype, &u);        /* runs after the password check, before the decision */
    if (authenticated)
        do_something(u);
}
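The same struct-cast pattern as in the exam program, as an added example that is not part of the exam text. The login routine's locals are placed in one struct so that authenticated is guaranteed to follow u (in the exam program that adjacency is up to the compiler, which is why the behaviour is layout-dependent), and a checked variant of init that receives the real object size sits beside it. The names login_locals, login_vuln, init_checked and login_checked are assumptions of this example; root and user are the exam's own types.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not the exam's own code: the exam's struct-cast pattern with
 * the stack layout made explicit, next to a size-checked variant. */

typedef struct { int i; int j; } root;   /* 8 bytes */
typedef struct { int i; } user;          /* 4 bytes */

/* Locals of the login routine. One struct guarantees that `authenticated`
 * sits right after `u`; in the exam program that adjacency depends on the
 * compiler, which is what makes the exploit layout-dependent. (assumed name) */
typedef struct {
    user u;
    int authenticated;
} login_locals;

/* Vulnerable: the size of *p is inferred from `usertype`, never checked. */
static void init_vuln(int usertype, void *p) {
    if (usertype == 0) {
        ((user *)p)->i = 0;
        return;
    }
    root *r = (root *)p;   /* if p really points to a user, r->j is 4 bytes past it */
    r->i = 0;
    r->j = 1;              /* out-of-bounds write */
}

/* Mirrors the exam's main(): returns 1 if do_something would run. */
int login_vuln(const char *pwd, int usertype) {
    login_locals f;
    f.authenticated = (usertype == 0) ? (strcmp(pwd, "1234") == 0)
                                      : (strcmp(pwd, "abcd") == 0);
    init_vuln(usertype, &f.u);   /* usertype != 0: r->j lands on f.authenticated */
    return f.authenticated;
}

/* Hardened init: the callee is told the real size of the object and refuses
 * to write past it. Returns 0 on success, -1 on size mismatch. */
int init_checked(int usertype, void *p, size_t size) {
    if (usertype == 0) {
        if (size < sizeof(user)) return -1;
        ((user *)p)->i = 0;
        return 0;
    }
    if (size < sizeof(root)) return -1;
    root *r = (root *)p;
    r->i = 0;
    r->j = 1;
    return 0;
}

/* Hardened caller: picks the object type that matches usertype, passes its
 * size along, and fails closed if init reports a mismatch. */
int login_checked(const char *pwd, int usertype) {
    int authenticated;
    user u;
    root r;
    void *obj  = (usertype == 0) ? (void *)&u : (void *)&r;
    size_t len = (usertype == 0) ? sizeof u : sizeof r;

    authenticated = (usertype == 0) ? (strcmp(pwd, "1234") == 0)
                                    : (strcmp(pwd, "abcd") == 0);
    if (init_checked(usertype, obj, len) != 0)
        return 0;                /* never authenticate on a size mismatch */
    return authenticated;
}
```

Note that the write in init_vuln is undefined behaviour in C; the example only pins the layout so that its practical effect is reproducible, and the checked variant removes the mismatch rather than relying on any particular layout.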
True/False Questions
- A heap overflow cannot be used to alter the control flow of a program.
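A heap object whose buffer is followed by a function pointer, overflowed so that the pointer is replaced, as an added example that is not part of the course material. The session struct, the two handlers and build_payload are assumptions of this example; the constructed payload points the overwritten function pointer at a function inside the same program so the change of control flow can be observed without a crash. The copy helper is kept out of line because a fortified, inlined memcpy into a fixed-size member would be size-checked by the toolchain and abort before the overflow.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not from the course page: a heap chunk holding a buffer and,
 * right after it, a function pointer. Overflowing the buffer rewrites the
 * pointer, and the next indirect call follows attacker-supplied data. */

typedef struct {
    char name[16];          /* filled from untrusted input */
    void (*on_done)(void);  /* called after the name is stored */
} session;                  /* assumed layout for this example */

static int last_handler;    /* which handler actually ran: 1 normal, 2 privileged */
static void normal_handler(void)     { last_handler = 1; }
static void privileged_handler(void) { last_handler = 2; }

/* Unbounded copy kept out of line: with _FORTIFY_SOURCE an inlined memcpy into
 * s->name would be checked against sizeof(name) and abort, hiding the bug. */
__attribute__((noinline))
static void copy_untrusted(char *dst, const unsigned char *src, size_t n) {
    memcpy(dst, src, n);    /* no check of n against the destination size */
}

/* Vulnerable: returns which handler ran, or -1 on allocation failure. */
int run_session_vuln(const unsigned char *input, size_t len) {
    session *s = malloc(sizeof *s);
    if (s == NULL) return -1;
    s->on_done = normal_handler;
    copy_untrusted(s->name, input, len);  /* len > 16 spills into on_done */
    s->on_done();                          /* indirect call through corrupted pointer */
    free(s);
    return last_handler;
}

/* Hardened: rejects input that does not fit the buffer before copying. */
int run_session_safe(const unsigned char *input, size_t len) {
    session *s = malloc(sizeof *s);
    if (s == NULL) return -1;
    if (len > sizeof s->name) {
        free(s);
        return -1;
    }
    s->on_done = normal_handler;
    memcpy(s->name, input, len);
    s->on_done();
    free(s);
    return last_handler;
}

/* Constructed attacker input: filler up to on_done, then the address of
 * privileged_handler (a real attack would use injected code or a gadget).
 * Returns the payload length, or 0 if buf is too small. */
size_t build_payload(unsigned char *buf, size_t cap) {
    void (*target)(void) = privileged_handler;
    size_t off  = offsetof(session, on_done);
    size_t need = off + sizeof target;
    if (cap < need) return 0;
    memset(buf, 'A', off);
    memcpy(buf + off, &target, sizeof target);
    return need;
}
```

The payload stays inside the allocated chunk (it ends exactly at the end of on_done), so the example corrupts only the application's own data and not the allocator's metadata; the hardened version closes the hole by validating the length against the buffer size rather than by changing the layout.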
Lab Exercise
Reading
- None
Slides
Slides on Buffer Overflow
Slides on Super Mario World code injection
Additional resources
Super Mario World Powerup Incrementation Explained
SNES Code Injection -- Flappy Bird in SMW
https://en.wikipedia.org/wiki/Heartbleed
Apple Bug August 2022
Videos
Introduction to Buffer Overflow
Buffer overread: how to fix the program