STATIC ANALYSIS TOOLS FOR DETECTING STACK-BASED BUFFER OVERFLOWS

Author
Wikman, Eric C.
Date
2020-06
Advisor
Irvine, Cynthia E.
Nguyen, Thuy D.
Abstract
Buffer overflows are common software vulnerabilities; it is possible for a program to write outside of the intended boundary of a buffer. In most cases, this causes the program to crash. In more dangerous situations, a buffer overflow can provide the access an attacker needs to gain remote code execution. To create programs that are reliable and free of buffer overflows, we need a method for analyzing code to detect potential buffer overflow vulnerabilities. One method to detect errors is to perform static analysis on the program. This involves looking at a program's disassembled code to find the errors in the program. Fortunately, Ghidra, a reverse engineering tool, can perform the disassembly of the executable. With the Ghidra API, scripts can be developed to perform the task of analyzing programs for buffer overflows. This research investigates the area of stack-based buffer overflows and how to discover them using static analysis. Specifically, the research looks into cases where buffer overflows occur in libc functions, which are referred to as vulnerable sinks. This research involved the development of a Ghidra script to search for vulnerable sinks in a binary file and find all the parameters that are used in the sinks. This allows for buffer overflows to be calculated on a per-sink basis. The research showed that it is possible to find overflow vulnerabilities via static analysis and that calculating whether a buffer can be overflowed is possible.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.