A Dynamic Technique for Eliminating Buffer Overflow Vulnerabilities (and Other Memory Errors)

Martin Rinard
MIT CSAIL
USA

Cristian Cadar
MIT CSAIL
USA

Daniel Roy
MIT CSAIL
USA

Daniel Dumitran
MIT CSAIL
USA

Buffer overflow vulnerabilities are caused by programming errors that
allow an attacker to cause the program to write beyond the bounds of
an allocated memory block to corrupt other data structures. The
standard way to exploit a buffer overflow vulnerability involves a
request that is too large for the buffer intended to hold it. The
buffer overflow error causes the program to write part of the request
beyond the bounds of the buffer, corrupting the address space of the
program and causing the program to execute injected code contained in
the request.

We have implemented a compiler that inserts dynamic checks into the
generated code to detect all out-of-bounds memory accesses. When it
detects an out-of-bounds write, it stores the written value in a hash
table and returns that value for the corresponding out-of-bounds
read. The net effect is to (conceptually) give each allocated memory
block unbounded size and to eliminate out-of-bounds accesses as a
programming error.
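The following is an added example, not the paper's compiler or any code from the authors: a hand-written C model of the technique the abstract describes. A bounds-checked block diverts every out-of-bounds write into a side hash table keyed by (block, offset), and out-of-bounds reads consult that table, so the bytes that follow the buffer are never touched and the overflowing data can still be read back. All names (`checked_block`, `checked_write`, `checked_read`, `overflow_contained`), the table size, and the sample request are constructed for this illustration.

```c
/* Added example (not the paper's compiler): a model of diverting
 * out-of-bounds writes into a side table and serving out-of-bounds
 * reads from it, so neighbouring memory is never corrupted. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TABLE_SLOTS 1024   /* constructed size for the side table */

typedef struct {
    unsigned char *base;   /* start of the real allocation */
    size_t size;           /* its real, fixed size in bytes */
} checked_block;

/* One entry of the open-addressing hash table for out-of-bounds bytes. */
typedef struct {
    const checked_block *blk;  /* which block the access belonged to */
    size_t offset;             /* offset from the block's base */
    unsigned char value;
    int used;
} oob_entry;

static oob_entry oob_table[TABLE_SLOTS];

static size_t oob_hash(const checked_block *blk, size_t offset) {
    uintptr_t h = ((uintptr_t)blk * 0x9E3779B1u) ^ (offset * 0x85EBCA6Bu);
    return (size_t)(h % TABLE_SLOTS);
}

/* Find the slot for (blk, offset) by linear probing; NULL if the table is full. */
static oob_entry *oob_slot(const checked_block *blk, size_t offset) {
    size_t i = oob_hash(blk, offset);
    for (size_t probes = 0; probes < TABLE_SLOTS; probes++) {
        oob_entry *e = &oob_table[i];
        if (!e->used || (e->blk == blk && e->offset == offset)) return e;
        i = (i + 1) % TABLE_SLOTS;
    }
    return NULL;
}

/* Write one byte at blk[offset]. Returns 0 for an in-bounds write,
 * 1 when the write was diverted to the table, -1 if the table is full. */
int checked_write(checked_block *blk, size_t offset, unsigned char v) {
    if (offset < blk->size) { blk->base[offset] = v; return 0; }
    oob_entry *e = oob_slot(blk, offset);
    if (!e) return -1;
    if (!e->used) { e->used = 1; e->blk = blk; e->offset = offset; }
    e->value = v;
    return 1;
}

/* Read one byte at blk[offset]; an out-of-bounds read returns the value
 * of the matching diverted write, or 0 if there was none. */
unsigned char checked_read(const checked_block *blk, size_t offset) {
    if (offset < blk->size) return blk->base[offset];
    oob_entry *e = oob_slot(blk, offset);
    return (e && e->used) ? e->value : 0;
}

/* Model of a vulnerable copy loop: copies the whole request into dst
 * without checking its length. Returns the number of diverted bytes. */
size_t checked_copy(checked_block *dst, const unsigned char *src, size_t n) {
    size_t diverted = 0;
    for (size_t i = 0; i < n; i++)
        if (checked_write(dst, i, src[i]) == 1) diverted++;
    return diverted;
}

/* Scenario: an 8-byte buffer followed by a sentinel byte; a 16-byte
 * request is copied in. Returns 1 if the sentinel survived and every
 * byte of the request, including the overflowing part, reads back. */
int overflow_contained(void) {
    struct { unsigned char buf[8]; unsigned char sentinel; } frame;
    checked_block blk = { frame.buf, sizeof frame.buf };
    const unsigned char request[16] = "0123456789ABCDE";  /* constructed */
    frame.sentinel = 0xAA;
    size_t diverted = checked_copy(&blk, request, sizeof request);
    int intact = (frame.sentinel == 0xAA) && (diverted == 8);
    for (size_t i = 0; i < sizeof request; i++)
        if (checked_read(&blk, i) != request[i]) intact = 0;
    return intact;
}

/* Returns 1 if an out-of-bounds read with no prior write yields 0, a
 * diverted write reads back, and the real bytes stay untouched. */
int divert_roundtrip(void) {
    unsigned char b[4] = {1, 2, 3, 4};
    checked_block blk = { b, sizeof b };
    if (checked_read(&blk, 40) != 0) return 0;
    if (checked_write(&blk, 40, 7) != 1) return 0;
    return checked_read(&blk, 40) == 7 && b[3] == 4;
}

int main(void) {
    printf("overflow contained: %s\n", overflow_contained() ? "yes" : "no");
    printf("divert round trip: %s\n", divert_roundtrip() ? "ok" : "failed");
    return 0;
}
```

The model keys the table by the block's address and offset rather than by raw pointer, which is what lets reads at the same out-of-bounds offset find the earlier write. Two simplifications a real implementation must not make: entries are never discarded when a block is freed (so a later block at the same address could observe stale values), and the table has a fixed capacity, so a large overflow would exhaust it; the compiler described in the abstract handles both at the allocation level.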

We have acquired several widely used open source servers (Apache,
Sendmail, Pine, Mutt, and Midnight Commander). With standard
compilers, all of these servers are vulnerable to buffer overflow
attacks as documented at security tracking web sites. Our compiler
eliminates these security vulnerabilities (as well as other memory
errors). Our results show that our compiler enables the servers to
execute successfully through buffer overflow attacks and to continue to
correctly service user requests without security vulnerabilities.

Keywords: Buffer Overflow
