How To Protect C# Applications From Buffer Overflow Attacks

buffer overflow attack is once the user purposely enters an excessive amount of data in such the way that the program can spill the information across completely different memory locations which can cause bad  behavior like opening another vulnerability for the attack to use.

This works through the utilization of user input. If the information size isn't checked properly before process the information in sure ways in which, it will become prone to a buffer overflow attack.

Protecting from buffer overflow :
we will be using the c-sharp console application(CLI) as an example.

First create a byte array which we will use to store the user input in next, notice that we are giving it a fixed size of 255 bytes.

byte[] byt = new byte[255];

Now we will get some user input.


Now let's convert it to a byte array.


Now set it to our previously declared 'bytes' byte array with a fixed size of 255 bytes...

byt = Encoding.Default.GetBytes(Console.ReadLine());

The vulnerability here is that the user can be inputting a string of 256+ bytes or characters so once converted to bytes, it'll be rather more than the 'bytes'; byte array will handle - a most of 255.

To fix this, we are able to merely check the byte count 1st before setting it to the 'bytes' byte array...
string readLine = Console.ReadLine();
if (Encoding.Default.GetBytes(readLine).Length <= 255) {
byt = Encoding.Default.GetBytes(readLine); 


Now, if the user enters a string that once regenerate to byte is larger than the 'bytes' byte array will handle, it merely will not arrange to set the 'bytes' byte array to the new input.


windows 7 professional upgrade keys free download , windows 7 home premium sp1 product key , microsoft visio professional 2016 , windows 10 product key sale , windows 10 product key support , windows 10 product key activation , windows 10 serial keygen , windows 10 product key september 2015 , sxKMrf


The blog you presented was very nice and interesting which helped me to get update on the recent technologies.
No.1 Dot Net Project Center in Chennai | No.1 Dot Net Project Center in Velachery


It is amazing and wonderful to visit your site.Thanks for sharing your ideas and views... keep rocks and updating
Linux Training in Velachery | Linux Training Institute in Chennai | Linux Training in Kanchipuram


Very impressive and interesting blog, this is the best place to get wonderful information thanks much for sharing here...
Best Embedded System Training in Kanchipuram | Embedded Training in Kanchipuram | Embedded Training Center in Velachery


Post a Comment

Note: Only a member of this blog may post a comment.