You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+25Lines changed: 25 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -64,6 +64,31 @@ C and C++ are two languages that are highly susceptible to buffer overflow attac
64
64
65
65
Languages such as PERL, Java, JavaScript, and C# use built-in safety mechanisms that minimize the likelihood of buffer overflow.
66
66
67
+
## How to Prevent Buffer Overflows?
68
+
69
+
### Bound indexing
70
+
71
+
Since you didn't show any code the answer can only be a general one: _Stay inside the bounds of the array_. Apart from accessing at some wildly out of bounds position, one particular case is more common: If you have an array with a size of 10 then 10 isn't a valid index. Because arrays in C++ are 0-based. So in this case, valid indices are 0 to 9.
72
+
73
+
### Use dynamic lists
74
+
75
+
You must not go out of bounds, the C/C++ developer has to be precise. That said, you could use _std::vector_ instead of a plain array: it provides the _std::vector::at_ method that throws an exception if you try to make an out-of-bounds access.
76
+
77
+
### Address space randomization (ASLR)
78
+
79
+
Randomly moves around the address space locations of data regions. Typically, buffer overflow attacks need to know the locality of executable code, and randomizing address spaces makes this virtually impossible.
80
+
81
+
### Data execution prevention flags
82
+
83
+
These flags certain areas of memory as non-executable or executable, which stops an attack from running code in a non-executable region.
Helps stop malicious code from attacking Structured Exception Handling (SEH), a built-in system for managing hardware and software exceptions. It thus prevents an attacker from being able to make use of the SEH overwrite exploitation technique.
88
+
At a functional level, an SEH overwrite is achieved using a stack-based buffer overflow to overwrite an exception registration record, stored on a thread’s stack.
89
+
90
+
Security measures in code and operating system protection are not enough. When an organization discovers a buffer overflow vulnerability, it must react quickly to patch the affected software and make sure that users of the software can access the patch.
0 commit comments