Understanding Buffer Overflow (40 points)
Note: For this task, you may use online resources to learn about a program with these vulnerabilities, but please cite these online sources. The diagrams you use can be copied from these online resources, but if they are, explain the diagram thoroughly in your own words. Review “Suggestions/Warnings” above about how to cite and the percentage allowed to be copied.
1. Stack Buffer Overflow (25 points)
a. (15 points) Memory Architecture. (Diagram(s) would be helpful, but are not required)
i. Describe the stack in the address space of the VM (in generalities).
ii. Addresses where in memory the stack would be located (specifically).
• Which direction, relative to overall memory, does a stack consume memory when it grows?
iii. Explain how program control flow is implemented using the stack.
iv. How is the stack structure affected when a function allocates a buffer of ‘non-binary’ size (i.e. a buffer size that causes misalignment within the stack)?
v. Create a diagram that includes the following
• What does the stack structure look like when data is pushed onto the stack and popped off the stack?
• Show what register values are placed onto and used with the stack.
• Where would arguments be placed on the stack?
• Where are local user variables placed on the stack?
b. (10 points) Testing Program – Stack Buffer Overflow
i. (4 Points) Write a testing program (in C) that contains a stack buffer overflow vulnerability. (You cannot use sort.c from task 2.) You are not required to exploit it.
• Provide this program in your PDF writeup. (Copy/paste is fine; no screenshots.)
ii. (6 Points) Show what the stack layout looks like and explain how to exploit it. (Include a diagram)
• Include the following items:
a. The order of parameters (if applicable), return address, saved registers (if applicable), and local variable(s).
b. The sizes in bytes.
c. The overflow direction in the stack.
d. Size of the overflowing buffer to reach and overwrite the return address.
e. Overflow data that is meaningful for an exploit (this can be general).
2. Heap Buffer Overflow (15 points)
a. (5 points) Memory Architecture. (A diagram would be useful here)
i. Where is the Heap located in a machine’s memory map?
ii. Contrast this to Stack memory allocation (in general terms).
iii. Describe the data structure implemented in a heap memory.
iv. How are allocated and unallocated chunks structured? (Show a diagram)
v. Is heap memory contiguous within the memory architecture? (Yes or No and why?)
b. (10 points) Write a testing program (in C) that contains a heap buffer overflow vulnerability. (Provide an example in the project; copy/paste is fine, no screenshot.) Again, you do not have to exploit it.
i. Show what the heap layout looks like and explain how to exploit it. (Include a diagram)
• Include the following items:
a. Each chunk of memory allocated by malloc() and their metadata.
b. Their sizes in bytes.
c. The overflow direction in the heap.
d. The size of the overflowing buffer to reach and overwrite the metadata.
e. Overflow data that is meaningful for an exploit (this can be general).
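The two program shapes tasks 1.b and 2.b ask for, as an added example that is not part of the assignment: an unbounded copy into a fixed stack array and a heap chunk whose allocation size is decoupled from the copied length, each beside a bounds-checked form. Function names and NAME_LEN are assumptions chosen for the example.

```c
/* Added example, not part of the assignment text: the two vulnerable patterns
 * the tasks ask for (stack in 1.b, heap in 2.b), each beside a bounds-checked
 * form. Function names and NAME_LEN are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 16

/* 1.b VULNERABLE: unbounded copy into a fixed stack array. Input of NAME_LEN
 * or more bytes writes past `name` towards higher addresses, i.e. over the
 * saved frame pointer and return address that sit above it in the frame. */
int stack_copy_unsafe(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);                 /* no length check */
    return (int)strlen(name);
}

/* 1.b HARDENED: copy only if the data, including its terminator, fits. */
int stack_copy_safe(const char *input) {
    char name[NAME_LEN];
    size_t n = strlen(input);
    if (n >= sizeof name) return -1;     /* reject oversize input */
    memcpy(name, input, n + 1);
    return (int)n;
}

/* 2.b VULNERABLE: allocation size and copy length come from different
 * sources; a mismatch writes past the chunk into the next chunk's metadata. */
char *heap_copy_unsafe(const char *src, size_t alloc_len) {
    char *dst = malloc(alloc_len);
    if (dst == NULL) return NULL;
    strcpy(dst, src);                    /* strlen(src)+1 may exceed alloc_len */
    return dst;
}

/* 2.b HARDENED: the chunk is sized from the data actually being copied. */
char *heap_copy_safe(const char *src) {
    size_t n = strlen(src) + 1;
    char *dst = malloc(n);
    if (dst == NULL) return NULL;
    memcpy(dst, src, n);
    return dst;
}
```

The unsafe variants are only ever called with inputs that fit, since calling them with oversize input is undefined behaviour; the point of the pair is the missing check, not a crash.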