Buffer Overflow for Beginners
Ajin Abraham
www.keralacyberforce.in
Buffer: it is a block of memory
What is Buffer Overflow?
A buffer overflow occurs when more data is inserted into a buffer than it can handle. This may lead to the execution of arbitrary code if a certain memory pointer is overwritten.
Memory layout (figure), from the highest address down:
152903854
  Command: 128 + 6 bytes
152903720
  Name: 10 + 6 bytes
152903704
Command (the system() function executes the contents of the variable command):
    system(command);
Name (read input into the name variable and print the contents of the name variable):
    gets(name);
    printf("Hello %s\n", name);
When you give an input, say www.keralacyberforce.in
What happens?
commandorce.in
(10)namewww.kerala
(6)malloccyberf
152903832
128 + 6 bytes
10 + 6 bytes
152903704
It will be assigned to the memory like this.
This buffer overflow is caused because the gets() function doesn't limit the length of the input.
To prevent this buffer overflow you can use
    fgets(name, 10, stdin);
where it will read a maximum of 10 characters from the input.
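The slides' layout and input, worked through as an added example (not code from the original deck). It models name (10 + 6 bytes) and command (128 + 6 bytes) as one constructed array so the spill is well-defined C; the "date" command and the read_like_* helpers are assumptions that imitate gets() and fgets() rather than calling them, and system() is never invoked.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the slide's layout: name takes 10 + 6 bytes and
   command 128 + 6 bytes, back to back in one array. A real heap overflow
   is undefined behaviour; this array keeps the demo deterministic. */
#define NAME_SIZE 10
#define NAME_SLOT (10 + 6)
#define CMD_SLOT  (128 + 6)

static char arena[NAME_SLOT + CMD_SLOT];
static char *const name    = arena;
static char *const command = arena + NAME_SLOT;

static void reset(void) {
    memset(arena, 0, sizeof arena);
    strcpy(command, "date");   /* hypothetical intended command */
}

/* Imitates gets(name): stores the whole line and ignores NAME_SIZE.
   Capped at the arena size only so the demo stays inside its own array. */
static void read_like_gets(const char *line) {
    size_t n = strlen(line);
    if (n >= sizeof arena) n = sizeof arena - 1;
    memcpy(name, line, n);
    name[n] = '\0';
}

/* Imitates fgets(name, size, stdin): stores at most size - 1 characters,
   then a terminating '\0', so nothing is written past name[size - 1]. */
static void read_like_fgets(const char *line, size_t size) {
    size_t n = strlen(line);
    if (n > size - 1) n = size - 1;
    memcpy(name, line, n);
    name[n] = '\0';
}

/* Each helper resets the layout, reads the line, and reports the result. */
const char *command_after_gets(const char *s)  { reset(); read_like_gets(s); return command; }
const char *command_after_fgets(const char *s) { reset(); read_like_fgets(s, NAME_SIZE); return command; }
const char *name_after_fgets(const char *s)    { reset(); read_like_fgets(s, NAME_SIZE); return name; }

int main(void) {
    const char *in = "www.keralacyberforce.in";   /* input from the slides */
    printf("gets-like : command = \"%s\"\n", command_after_gets(in));
    printf("fgets-like: command = \"%s\", ", command_after_fgets(in));
    printf("name = \"%s\"\n", name_after_fgets(in));
    return 0;
}
```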

Exploit Research and Development Megaprimer: Buffer overflow for beginners