I moved into the Information security domain after having worked with many programming languages. I have worked with dinosaur programming languages like BASIC, FORTRAN, C, C++ and then moved to modern programming languages like Java.
In those days, when we initialized a variable, we always did it without any complicated thoughts about it being compromised by a hacker. For example, in the ‘C’ programming language, if we write
char a[5] = "hello";
The string “hello” is assigned to the character array “a” which is about 6 bytes long. We never thought of overloading a[] and making it store 10 characters!! (at least I never did!! :))
Now, what happens when the character array is forced to store more than 5 characters? It overflows…let us see this:
char a[5];
strcpy(a, "hellohowareyou");  /* needs <string.h>; copies 15 bytes into a 5-byte array */
This results in a “buffer overflow” and the remaining string “howareyou” spills into adjacent locations.
This possibility can be exploited by hackers (and is exploited by them) to insert malicious code into the program. This is the “buffer overflow” vulnerability and it can be mitigated to some extent by writing absolutely secure code in the design phase of a project.
In simple terms, ‘buffer overflow’ is similar to water overflowing from a water pitcher when trying to overfill it!!
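The spill described above, next to a length-checked copy, as an added example that is not code from the original post. The `struct arena` model of a[] and its neighbouring bytes, and the names `unchecked_copy` and `checked_copy`, are assumptions made for illustration; the arena keeps the out-of-bounds write observable without real undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 5          /* the post's char a[5] */
#define ARENA_SIZE 32         /* constructed backing store: a[] plus its neighbours */

/* Model of memory around a[]: bytes 0..4 are a[], the rest is "adjacent" data. */
struct arena { unsigned char bytes[ARENA_SIZE]; };

/* Unbounded copy, as strcpy() would do: the length comes from the source only.
 * Returns how many bytes landed outside the 5-byte field. */
size_t unchecked_copy(struct arena *m, const char *src)
{
    size_t n = strlen(src) + 1;              /* include the terminating NUL */
    if (n > ARENA_SIZE) n = ARENA_SIZE;      /* keep the demo inside the arena */
    memcpy(m->bytes, src, n);
    return n > FIELD_SIZE ? n - FIELD_SIZE : 0;
}

/* Bounded copy: refuse input that does not fit, NUL included.
 * Returns 0 on success, -1 if src was rejected (dst left as an empty string). */
int checked_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src) + 1;
    if (dstsz == 0) return -1;
    if (n > dstsz) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, n);
    return 0;
}

int main(void)
{
    struct arena m;
    memset(m.bytes, '.', sizeof m.bytes);    /* '.' marks untouched neighbours */
    size_t spilled = unchecked_copy(&m, "hellohowareyou");
    printf("spilled %zu bytes; neighbours now: %.9s\n", spilled, m.bytes + FIELD_SIZE);

    char a[FIELD_SIZE];
    printf("checked_copy long:  %d\n", checked_copy(a, sizeof a, "hellohowareyou"));
    printf("checked_copy hello: %d\n", checked_copy(a, sizeof a, "hello")); /* 6 bytes with NUL */
    printf("checked_copy hell:  %d\n", checked_copy(a, sizeof a, "hell"));
    return 0;
}
```

Note that even “hello” is rejected by the bounded copy: with its terminating NUL it needs 6 bytes, one more than a[5] holds.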
Have a safe and wonderful day!!