Detecting Buffer Overflow with Intel® Pointer Checker

Introduction

There are many ways a hacker can attack web applications.  Some of the most common security threats are buffer overflows, SQL injections, cross-site scripting (XSS) and denial of service  (DoS) attacks.

 

This blog will cover buffer overflow attacks along with technology (the pointer checker feature in the Intel® compiler) that can help you determine if your code is vulnerable.

 

What is Buffer Overflow?

A buffer overflow occurs when data is written into a buffer that does not allocate enough space to store the data being written to it.  The extra data will overwrite adjacent memory locations.  This is especially dangerous because when unintended memory is written to, it could have very serious results in an application, for example: overflowing a buffer for a local variable in a function could result in overwriting the return address of that function causing the program to crash.

More information about buffer overflow can be read here .

 

How Hackers Can Take Advantage of Buffer Overflow

Programming languages such as assembly language, C and C++, do not perform automatic bounds check unless developers use new string-safe functions such as those found in Microsoft* Visual Studio. These languages require developers to manually manage the size of allocated memory. Applications developed using languages such as C# and Java will be immune to this kind of problem.  However, if  Java or C# applications are linking to legacy applications that still have C/C++ or assembly code in them, they still have this inherent dependency on proper bounds checking being done by the original developers of the C/C++ code.

There are two main types of buffer overflow attacks: stack based and heap based. Heap based attacks flood the memory space reserved for a program.  In a stack-based buffer overflow, a hacker can submit data to a Web application, and that data is intentionally larger than the memory buffer size allocated to hold it. This extra data can overflow into adjacent memory, overwriting any valid data held in it, and often overwriting the return address that is used when the function ends. A hacker can then strategically insert his or her own new return address causing the application to then execute their own malicious code.

 

Stopping Buffer Overflow Defects with the Intel ® C++ Compiler XE 13.0

The Intel C++ compilers generate code for IA-32 and Intel 64 architectures.The pointer checker is a debugging feature that helps find buffer overflows occurring in Windows* OS or Linux* OS based applications. The feature performs bounds checking for memory accesses through pointers and identifies any out-of-bounds access in pointer checker enabled code. The pointer checker can also detect dangling pointers, that is, pointers that point to memory that has been freed. When this detection is enabled, using a dangling pointer in an indirect access will also cause an out-of-bounds error. More information about the Intel compiler can be found here.

  

 

How Pointer Checker Detect Buffer Overflows

 

When pointer checker detects there are copy instructions like “memcpy” or “strcpy”, it will compare the amount of space allocated to the destination with the amount of data being copied to ensure the copy instruction is successfully executed.  If there is not enough allocated space, it will display error.  For example:

 

memcpy(destination, origin, 17)

If the destination only has room for 13 bytes while 17 needs to be copied then the pointer checker will display errors.

 

strcpy(destination, origin)

Similarly, if the destination can store 15 bytes of data while the length of origin is more than 15 bytes then the pointer checker will display errors.

 

More information about how pointer checker works can be found here.

 

 

Conclusion

Buffer overflows are a well-known security hole that has been exploited by hackers in legacy systems.  The pointer checker feature in the Intel® C++ compiler XE 13.0 will detect this problem in C/C++ applications for both Windows* and Linux*.

Per informazioni complete sulle ottimizzazioni del compilatore, consultare l'Avviso sull'ottimizzazione