Buffer Overflow Attack Protection in C# .NET

Introduction:

This tutorial is on how to secure your application in C# from Buffer Overflow Attacks.

What's a Buffer Overflow Attack? (BTA)

A buffer overflow attack is when the user purposefully enters too much data in such a way that the program will spill the data across different memory locations which will cause unexpected behaviour such as opening another vulnerability for the attack to exploit. This works through the use of user input. If the data size is not checked correctly before processing the data in certain ways, it can become vulnerable to a buffer overflow attack from an attacker.

C# Console App:

We are going to use a simple C# console application for this example, so first create a new C# console application project, give it a name, and click 'Create'.
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Threading.Tasks;
  6. using System.Windows.Forms;
  7.  
  8. namespace ChaoSQL
  9. {
  10. class Program
  11. {
  12. static void Main(string[] args)
  13. {
  14. }
  15. }
  16. }

Byte array:

Next we are going to create a byte array which we store the user input in next, notice that we are giving it a fixed size of 255 bytes...
  1. byte[] bytes = new byte[255];

User Input:

Now we are going to get some user input...
  1. Console.Readline()
Convert it to a byte array...
  1. Encoding.Default.GetBytes(Console.ReadLine())
And set it to our previously declared 'bytes' byte array with a fixed size of 255 bytes...
  1. bytes = Encoding.Default.GetBytes(Console.ReadLine());

Vulnerability

The vulnerability here is that the user could be inputting a string of 256+ bytes/characters and so when converted to bytes, it will be much more than the 'bytes' byte array can handle - a maximum of 255. To fix this, we can simply check the byte count first before setting it to the 'bytes' byte array...
  1. string readLine = Console.ReadLine();
  2. if (Encoding.Default.GetBytes(readLine).Length <= 255) {
  3. bytes = Encoding.Default.GetBytes(readLine);
  4. }
Now, if the user enters a string which when converted to bytes is larger than the 'bytes' byte array can handle, it simply won't attempt to set the 'bytes' byte array to the new input (converted to bytes). Finished! Source code...
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Threading.Tasks;
  6. using System.Windows.Forms;
  7.  
  8. namespace BTAProtection
  9. {
  10. class Program
  11. {
  12. static void Main(string[] args)
  13. {
  14. byte[] bytes = new byte[255];
  15. // Not Safe > bytes = Encoding.Default.GetBytes(Console.ReadLine());
  16. string readLine = Console.ReadLine();
  17. if (Encoding.Default.GetBytes(readLine).Length <= 255) {
  18. bytes = Encoding.Default.GetBytes(readLine);
  19. }
  20. }
  21. }
  22. }

Comments

Submitted byFrazer Weller (not verified)on Tue, 02/21/2017 - 21:47

It doesn't work whatsoever, worst bit of code I've ever seen....
Submitted byYodelSwan (not verified)on Fri, 11/17/2017 - 01:06

I don't see a buffer overflow here. byte[] bytes = new byte[255]; //allocate a block of memory that is never used bytes = Encoding.Default.GetBytes(Console.ReadLine()); //point to a new block of memory (appropriately sized) allocated by GetBytes The variable bytes just points to a new block of memory of the appropriate size allocated by Encoding.Default.GetBytes.

Add new comment