Secure Coding: Buffer Overruns

Question 1

What is a buffer overrun?

Answer 1

A programming error where data exceeds a buffer’s capacity, overwriting memory.

Question 2

When did buffer overruns first appear?

Answer 2

1960s, notably exploited by the 1988 Worm.

Question 3

What is the impact of a buffer overrun?

Answer 3

Can cost millions if systems are compromised.

Question 4

Why are C and C++ prone to buffer overruns?

Answer 4

Allow direct memory manipulation, increasing error risk.

Question 5

What is a buffer in programming?

Answer 5

A contiguous memory block holding multiple instances of one data type.

Question 6

What is a C++ span?

Answer 6

A lightweight abstraction for a contiguous sequence of values in memory.

Question 7

What does a C++ span contain?

Answer 7

A pointer to data and a length, with convenience methods.

Question 8

What is std::string_view in C++?

Answer 8

A view of a string defined elsewhere, avoiding copies.

Question 9

What are std::string_view’s benefits?

Answer 9

Good performance, observes strings without copying.

Question 10

When did Microsoft create secure C string functions?

Answer 10

2002, later part of C11 Annex K and ISO/IEC WDTR 24731.

Question 11

What is an example of a secure C string function?

Answer 11

strcat_s(dest, size, src).

Question 12

What is OpenBSD’s equivalent to strcat_s?

Answer 12

strlcat.

Question 13

What is gcc’s equivalent to strcat_s?

Answer 13

strncat(to, from, size).

Question 14

Why is char *gets unsafe?

Answer 14

Reads from stdin until CR/LF, risking buffer overflow.

Question 15

What should replace char *gets?

Answer 15

fgets or C++ stream objects.

Question 16

What is a static solution for buffer overruns?

Answer 16

Use strncpy, strlcpy, or strlcat.

Question 17

What is a dynamic solution for buffer overruns?

Answer 17

Use C++ std::string or SafeStr library.

Question 18

Why avoid std::string’s data() or c_str()?

Answer 18

Extracting C strings can reintroduce buffer overrun risks.

Question 19

What is a stack overrun?

Answer 19

A buffer on the stack is overrun, overwriting the function’s return address.

Question 20

What causes a stack overrun?

Answer 20

Unchecked user input in functions like strcpy().

Question 21

What can an attacker achieve with a stack overrun?

Answer 21

Execute malicious code, like binding a shell to a port.

Question 22

What is a static buffer overflow?

Answer 22

Another term for stack-based buffer overflows.

Question 23

Why fix all buffer overrun bugs?

Answer 23

All are potentially exploitable, even if not proven.

Question 24

What is a heap overrun?

Answer 24

Writing data beyond a heap-allocated buffer’s bounds.

Question 25

Why are heap overruns serious?

Answer 25

Programmers may think they’re not exploitable, but they are.

Question 26

What makes heap overruns harder to exploit?

Answer 26

Lack of direct control over critical memory like return addresses.

Question 27

Why are tools for heap overruns limited?

Answer 27

Unlike StackGuard for stack overruns, similar tools are scarce.

Question 28

Do heap overruns exist across OSes?

Answer 28

Yes, including Unix and Windows.

Question 29

Why avoid writing user input to arbitrary memory?

Answer 29

Prevents exploitation via buffer overruns.

Question 30

What are array indexing errors?

Answer 30

Writing to memory beyond an array’s bounds, similar to buffer overruns.

Question 31

Are array indexing errors common exploits?

Answer 31

Less common than buffer overruns but still dangerous.

Question 32

What are string format bugs?

Answer 32

Vulnerabilities in vararg functions like printf, leading to memory issues.

Question 33

Why is printf(input) exploitable?

Answer 33

Allows format string attacks, unlike printf('%s', input).

Question 34

When were string format bugs found?

Answer 34

In 2000 and 2001, in UNIX and some Windows apps.

Question 35

What does C++20’s formatting library use?

Answer 35

{} delimiters instead of printf’s %.

Question 36

What is a Unicode/ANSI buffer size mismatch?

Answer 36

Mixing element counts with byte sizes in Windows Unicode buffers.

Question 37

What is an example of a Unicode buffer overrun?

Answer 37

Internet Printing Protocol (IPP) vulnerability (MS01-23).

Question 38

How do Unicode functions handle buffer sizes?

Answer 38

In wide characters, not bytes, unlike ANSI.

Question 39

How can buffer overruns be prevented?

Answer 39

Validate all inputs and isolate internal implementation.

Question 40

What is offensive programming?

Answer 40

Expecting and handling erroneous input, possibly crashing the program.

Question 41

When was offensive programming coined?

Answer 41

In a 1998 Usenet post.

Question 42

What is exception handling?

Answer 42

Raising errors to propagate outside buggy code, isolating failures.

Question 43

How does exception handling help?

Answer 43

Constrains failures to buggy parts, preserving system integrity.

Question 44

What is an example of exception handling?

Answer 44

A word processor failing a printout without losing the document.

Question 45

What is Visual C++ .NET’s /GS option?

Answer 45

Protects against simple stack overruns, similar to StackGuard.

Question 46

What is StackGuard?

Answer 46

Inserts a canary value before the return address to detect overruns.

Question 47

Who developed StackGuard?

Answer 47

Crispin Cowan and others in 1998.

Question 48

What is a canary in StackGuard?

Answer 48

A guard value that detects if a buffer overflow alters the return address.

Question 49

What is a limitation of StackGuard?

Answer 49

Doesn’t protect against overflows overwriting other values.

Question 50

What is PointGuard?

Answer 50

An extension of StackGuard to protect additional data like function pointers.

Question 51

What data does PointGuard protect?

Answer 51

Function pointers and longjump buffers automatically.

Question 52

What is a challenge with PointGuard?

Answer 52

Requires programmer intervention to protect other variables.

Question 53

Why might PointGuard miss vulnerabilities?

Answer 53

Programmers may overlook data needing protection.

Question 54

What is the benefit of /GS and StackGuard?

Answer 54

Prevents exploitation of simple stack-based overruns.

Question 55

Where can more info on StackGuard be found?

Answer 55

Cowan’s 1999 paper on buffer overflows.

Question 56

Why validate all function inputs?

Answer 56

Prevents buffer overruns from unchecked user data.

Question 57

What is the SafeStr library?

Answer 57

Dynamically resizes strings to prevent buffer overruns.

Question 58

Why is strlcpy criticized?

Answer 58

Encourages use of C strings, not part of GNU C library.

Question 59

What OSes support strlcpy/strlcat?

Answer 59

OpenBSD, FreeBSD, Solaris, Mac OSX, QNX.

Question 60

Why use std::string in C++?

Answer 60

Native, safe string handling avoids buffer overrun risks.