These languages don’t have an automatic check on the data that is written in to some array which is more like the in – built type of buffer which lies within the array boundaries. Buffer overflows can be prevented by implementing the bound checks. When the data is written to the buffer, it may also corrupt the data stored in the adjacent memory address destinations because of lack of insufficient checking of boundaries. This can cause a buffer overflow. It may also occur while data is being copied from one buffer to another one without checking whether the data will fit in to it or not. Techniques are available for exploiting the buffer overflow vulnerability. These techniques are different for different architectures, memory region and operating systems. For example, there is a lot of difference between the exploitation on call stack and the exploitation on heap. The below mentioned protective counter measures can be taken:
- Choice of programming language: The language being used does have a profound impact on the buffer overflow occurrence. As mentioned above C and C++ have no built – in protection against this problem but their libraries do provide a number of ways for safe buffering of data and techniques to avoid them. There are languages that provide runtime checking as well as compile time checking, which checks for the possibilities when the program might overwrite the data. Examples are Eiffel, Ada, and Smalltalk etc.
- Use of safe libraries: It is necessary to avoid buffer overflows in order to maintain the degree of correctness of the code. Therefore, standard library functions that are not bound checked should be avoided. There are certain abstract data type libraries that are well tested and centralized enough for performing the buffer management automatically.
- Buffer overflow protection: This mechanism checks for the alteration of the stack when the function returns. If some modification has been made, the program makes an exit with a segmentation fault. Examples of such systems are the stackguard, libsafe, propolice and so on.
- Pointer protection: Buffer overflow involves manipulation of the pointers along with their stored addresses. A compiler extension called the point guard was developed for preventing the attackers from manipulating the pointers and the addresses stored in them reliably. However this extension was not released commercially. A similar version of it was implemented in the Microsoft window’s OS.
- Executable space protection: This method prevents the code execution on heap or stack as an approach to buffer overflow protection. The buffer overflows can be used by the attackers for insert random code in to the program memory. When the executable space protection is in place, the execution of the program will be halted by an exception.