Security: What is a buffer overrun?

A buffer overrun is a very common attack utilized by hackers, and it is not new. It exploits poor coding practices in C and C++ code, particularly in the handling of string functions. The following code is an example of a buffer overrun.

#include <string.h>

void myMethod(char * pStr) {
    char pBuff[10];     /* fixed-size local buffer on the stack */
    int nCount = 0;     /* neighbouring local that an overrun can corrupt */
    (void)nCount;       /* unused; kept to show the stack layout */

    /* Unsafe: strcpy copies until it finds a NUL and never checks
       whether pStr fits in the 10 bytes of pBuff. */
    strcpy(pBuff, pStr);
}

void foo()
{
}

Cause:

The input pStr is of unknown size and the string copy is unchecked. If pStr, including its terminating NUL, does not fit in the 10 bytes of pBuff, strcpy keeps writing past the end of the buffer into whatever is adjacent on the stack, such as nCount and, further along, the saved return address, which is how execution can be redirected to a method such as foo. The property being exploited is that application input alone can cause methods in the application to be executed. The real damage comes from input crafted so that a fake method is called in place of a valid one, with dangerous arguments.

 

Solution:

There are three main actions to resolve the problem. First, compile with the /GS option. This option places a security cookie on the stack between the local buffers and the return address, so an overrun that reaches the return address corrupts the cookie and is detected before the function returns; it helps prevent buffer overruns by changing the stack layout. The second action is to use the <strsafe.h> library. Its functions take the size of the destination buffer and detect a copy that would overflow it instead of silently overrunning the buffer. Finally, perform extensive code reviews of the string handling and of the indexes used within your application.
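As an added example (not code from the original post), the helper below reports how many bytes the unsafe strcpy in myMethod would write past pBuff for a given input, next to a hardened replacement that takes and checks the destination size, which is the same check StringCchCopy from <strsafe.h> performs; bytesPastEnd, myMethodSafe and the sample string are assumed names and constructed inputs.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* How many bytes strcpy(pBuff, pStr) would write past a buffer of
 * cchBuff bytes (0 when the string and its NUL terminator fit). This
 * is what spills into whatever sits next on the stack, e.g. nCount. */
size_t bytesPastEnd(const char *pStr, size_t cchBuff)
{
    size_t needed = strlen(pStr) + 1;   /* characters plus the NUL */
    return needed > cchBuff ? needed - cchBuff : 0;
}

/* Hardened replacement for myMethod: the destination size is passed in
 * and checked, so an oversized input is rejected instead of copied.
 * Returns true on success; on failure pBuff is left as an empty string.
 * (StringCchCopy from <strsafe.h> makes the same check on Windows and
 * reports STRSAFE_E_INSUFFICIENT_BUFFER.) */
bool myMethodSafe(char *pBuff, size_t cchBuff, const char *pStr)
{
    size_t len = 0;
    if (pBuff == NULL || cchBuff == 0)
        return false;
    pBuff[0] = '\0';
    if (pStr == NULL)
        return false;
    /* Scan at most cchBuff characters so an unterminated input cannot
     * make us read further than we are prepared to copy. */
    while (len < cchBuff && pStr[len] != '\0')
        len++;
    if (len >= cchBuff)                 /* no room for the terminator */
        return false;
    memcpy(pBuff, pStr, len + 1);       /* copy characters and the NUL */
    return true;
}

int main(void)
{
    /* Constructed input that does not fit in a 10-byte pBuff. */
    const char *tooLong = "this string is longer than ten bytes";
    char pBuff[10];   /* same size as pBuff in the vulnerable myMethod */

    printf("strcpy would overrun pBuff by %zu bytes\n",
           bytesPastEnd(tooLong, sizeof pBuff));
    printf("safe copy of long input: %s\n",
           myMethodSafe(pBuff, sizeof pBuff, tooLong) ? "ok" : "rejected");
    printf("safe copy of \"short\": %s\n",
           myMethodSafe(pBuff, sizeof pBuff, "short") ? "ok" : "rejected");
    return 0;
}
```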