How does heap attack work?

I read two articles on heap spraying: Wikipedia and this blog post. I understand how shellcode is entered into program memory. But how do you make a program go to / call the memory address located on the heap?

What accident causes a heap call?

Does such an attack require some kind of buffer overflow attack?

Is there any golden rule similar to the one for buffer overflows, i.e. use the n versions of functions (strncpy instead of strcpy)?

+6
c++ c security exploit
1 answer

If I understand correctly,

They usually take advantage of the fact that these heap blocks will be in roughly the same place every time the heap spray is run. Execution flow can be redirected to the heap spray through a buffer overflow or a heap overflow.

They talk about this situation:

```cpp
char buffer[10];   // fixed-size buffer, written without bounds checking
FuncPtr p;         // function pointer laid out right after it in memory
```

And when you read into buffer, there is no overflow protection, so you can write directly to the memory location of p. Later, when your code tries to call p, it will go wherever the attacker wants it to jump, presumably where they injected executable code into your application.

A simple fix: do not use static buffers (prefer the std:: collection classes) and always check for overflows.

+2
