Buffer overflow is one of the most common attacks. Which of the following does “buffer” refer to?
A. Small memories on or close to the CPU, e.g., cache or registers
B. Areas of the main memory, e.g., stack or heap
C. The embedded memory in a hard disk drive
D. The memory reserved for DNS entries
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Areas of the main memory, e.g., stack or heap.
A buffer is a memory area used by a process, and a process is an executable that the operating system has loaded into memory. There are two types of buffer: stack and heap. The stack stores local variables defined in a function or procedure. The heap is the memory area dynamically allocated to the process by the operating system at the process’s request.
An executable is produced from source code by compiling and linking. When the executable is loaded into memory to run, its code, data, and variables are mapped to memory segments. That is, the executable is mapped into memory and forms a memory layout.
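The two kinds of buffer described above, a stack array and a heap allocation, as an added example that is not part of the original post, with a length check that rejects input too large for either. The names `bounded_copy`, `store_on_stack`, `store_on_heap` and the 16-byte size are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF_SIZE 16  /* constructed buffer size for this example */

/* Copy src into dst only if it fits, terminating NUL included.
   Returns 0 on success, -1 if src would overflow dst (dst is left empty). */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *end = memchr(src, '\0', dst_size);  /* look no further than dst_size */
    if (end == NULL) {                              /* no NUL in range: too long */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Stack buffer: a local array that lives in the function's stack frame.
   An unchecked strcpy(name, input) would write past name[] on long input. */
int store_on_stack(const char *input)
{
    char name[NAME_BUF_SIZE];
    return bounded_copy(name, sizeof name, input);
}

/* Heap buffer: memory the process requests at run time with malloc(). */
int store_on_heap(const char *input)
{
    char *name = malloc(NAME_BUF_SIZE);
    if (name == NULL)
        return -1;
    int rc = bounded_copy(name, NAME_BUF_SIZE, input);
    free(name);
    return rc;
}

int main(void)
{
    printf("stack: %d %d\n", store_on_stack("alice"), store_on_stack("AAAAAAAAAAAAAAAAAAAAAAAA"));
    printf("heap:  %d %d\n", store_on_heap("alice"), store_on_heap("AAAAAAAAAAAAAAAAAAAAAAAA"));
    return 0;
}
```

The same check protects both regions because the overflow condition depends only on the destination size, not on where the buffer lives.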
Protective Countermeasures
- Choice of programming language
- Use of safe libraries
- Data Execution Prevention (DEP)/Structured Exception Handler (SEH)/NX (“No eXecute”) or XD (“eXecute Disabled”)
- Address space layout randomization (ASLR)
- Pointer protection (compiler)
- Deep packet inspection
- Testing (Fuzzing/Edge case testing)
Source: Wikipedia
Reference
- Buffer overflow
- Buffer Overflow Attack Lecture (Part 1)
- Buffer Overflow Attack Lecture (Part 2)
- Week 13: Introduction to Buffer Overflows