The stack-based buffer overflow

The mechanics of a stack-based buffer overflow:
- The attacker overflows a buffer on the stack. Note: the buffer is ALWAYS at the same place.
- The overflow overwrites the function's return address with a fixed-value pointer into the overflowed buffer; when the function returns, execution starts there.

Key point: the pointer points into the buffer (where the attack code is placed).

Solution: a random-sized gap at the top of the stack (8-byte aligned).
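As an added illustration (not code from the original slides), the C program below mimics the proposed mitigation: it picks an 8-byte-aligned gap of random size and inserts it below the caller's frame before calling a function with a local buffer, then reports where that buffer landed. Running it a few times shows the buffer address moving, which is exactly what defeats a return address overwritten with a fixed pointer. The helper names (random_gap_size, call_with_gap, victim_buffer_address) and MAX_GAP are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define MAX_GAP 4096   /* assumed upper bound on the random gap, in bytes */

/* Choose a gap size in [0, MAX_GAP) rounded down to an 8-byte boundary,
 * matching the "random-sized, 8-byte aligned" gap described in the slide. */
size_t random_gap_size(unsigned seed) {
    srand(seed);
    return (size_t)(rand() % MAX_GAP) & ~(size_t)7;
}

/* The function whose local buffer an overflow would target. It returns the
 * buffer's address so the caller can observe where the frame was placed. */
__attribute__((noinline)) uintptr_t victim_buffer_address(void) {
    volatile char buf[64];
    memset((char *)buf, 0, sizeof buf);
    return (uintptr_t)buf;
}

/* Reserve `gap` bytes of stack below the current frame (a VLA sized at run
 * time) and only then call the victim, so the victim's frame, and therefore
 * its buffer, shifts down by the gap. */
__attribute__((noinline)) uintptr_t call_with_gap(size_t gap) {
    volatile char pad[gap + 1];   /* +1 so a zero gap is still a valid VLA */
    pad[gap] = 0;                 /* touch it so the allocation is kept */
    return victim_buffer_address();
}

/* A fixed pointer (the attacker's hard-coded value) only works if it still
 * falls inside the buffer after the gap has moved the frame. */
int fixed_pointer_hits_buffer(uintptr_t fixed_ptr, uintptr_t buf, size_t len) {
    return fixed_ptr >= buf && fixed_ptr < buf + len;
}

int main(void) {
    size_t gap = random_gap_size((unsigned)time(NULL));
    uintptr_t without_gap = call_with_gap(0);
    uintptr_t with_gap = call_with_gap(gap);
    printf("gap=%zu bytes  buffer without gap=%#lx  with gap=%#lx\n",
           gap, (unsigned long)without_gap, (unsigned long)with_gap);
    /* A pointer aimed at the un-randomised buffer now misses it. */
    printf("fixed pointer still hits buffer: %s\n",
           fixed_pointer_hits_buffer(without_gap + 8, with_gap, 64) ? "yes" : "no");
    return 0;
}
```

Assumes a GCC/Clang toolchain on a platform whose stack grows downward (x86-64, AArch64).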