Revision as of 10:16, 6 August 2023 edit Citation bot (talk \| contribs) Bots 5,871,750 edits Add: date. Removed proxy/dead URL that duplicated identifier. \| Use this bot. Report bugs. \| Suggested by Headbomb \| Linked from Wikipedia:WikiProject_Academic_Journals/Journals_cited_by_Wikipedia/Sandbox3 \| #UCB_webform_linked 277/2306 ← Previous edit		Revision as of 14:00, 11 October 2023 edit undo 95.22.72.178 (talk) →A canary example Tags: Reverted Visual edit Next edit →
Line 113: (d..)(c.........)(b...)(a...)(CTLI)(RETA) In this hypothetical situation, if more than ten bytes are written to the array {{code\|c}}, or more than 133 to the character array {{code\|d}}, the excess will overflow into integer pointer {{code\|b}}, then into integer {{code\|a}}, then into the control information, and finally the return address. By overwriting {{code\|b}}, the pointer is made to reference any position in memory, causing a read from an arbitrary address. By overwriting ''RETA'', the function can be made to execute other code (when it attempts to return), either existing functions ([[return-to-libc attack\|ret2libc]]) or code written into the stack during the overflow. In a nutshell, poor handling of {{code\|c}} and {{code\|d}}, such as the unbounded [[strcpy]]() calls above, may allow an attacker to control a program by influencing the values assigned to {{code\|c}} and {{code\|d}} directly. The goal of buffer overflow protection is to detect this issue in the least intrusive way possible. This is done by removing what can be out of harms way and placing a sort of tripwire, or '''canary''', after the buffer.

Buffer overflow protection: Difference between revisions