Method and apparatus to retain system control when a buffer overflow attack occurs
Abstract
In one embodiment, a method is provided. The method comprises encountering a function call instruction that calls a called function during program execution; saving a return address in a first stack and in a second stack, the return address containing an instruction to be executed after execution of the called function; executing the called function; and determining if the return address stored in the first stack matches the return address stored in the second stack.
131 Citations
20 Claims
1. A method, comprising:
- encountering a function call instruction that calls a called function during program execution;
- saving a return address in a first stack and in a second stack, the return address containing an instruction to be executed after execution of the called function;
- executing the called function; and
- determining if the return address stored in the first stack matches the return address stored in the second stack.
Dependent claims: 2, 3, 4, 5
6. A method, comprising:
- processing instructions within a virtual machine;
- saving a return address in a first stack and in a second stack, the return address being an address at which program execution is to resume after execution of a called function;
- comparing the return addresses saved in the first and second stack upon execution of the called function; and
- exiting the virtual machine if the return addresses do not match.
Dependent claims: 7, 8
9. A method, comprising:
- creating first and second stacks for a program during execution of the program;
- encountering a function call to a called function;
- storing data for the called function and a return address in the first stack;
- storing the return address in the second stack; and
- passing control of the program to an exception handler if the return address stored in the first stack does not match the return address stored in the second stack upon execution of the called function.
Dependent claims: 10
11. A processor, comprising:
- memory management logic to allocate first and second memory locations corresponding to first and second stacks, respectively, when a function call instruction calls to a called function is encountered during program execution;
- function call logic to write a return address to a memory location from the first memory locations and to a memory location from the second memory locations, the return address being an address at which program flow is to resume after execution of the called function; and
- buffer overflow control logic to determine if the return address retrieved from the first stack matches the return address retrieved from the second stack, upon execution of the called function.
Dependent claims: 12
13. A system, comprising:
- a memory; and
- a processor coupled to the memory, the processor comprising memory management logic to allocate first and second memory locations corresponding to first and second stacks, respectively, when a function call instruction that calls a called function is encountered during program execution;
- function call logic to write a return address to a memory location from the first memory locations and to a memory location from the second memory locations, the return address being an address at which program flow is to resume after execution of the called function; and
- buffer overflow control logic to determine if the return address retrieved from the first stack matches the return address retrieved from the second stack, upon execution of the called function.
Dependent claims: 14
15. A computer readable medium having stored thereon a sequence of instructions which when executed by a processor, cause the processor to perform a method comprising:
- encountering a function call instruction that calls a called function during program execution;
- saving a return address in a first stack and in a second stack, the return address containing an instruction to be executed after execution of the called function;
- executing the called function; and
- determining if the return address stored in the first stack matches the return address stored in the second stack.
Dependent claims: 16
17. A computer readable medium having stored thereon a sequence of instructions which when executed by a processor, cause the processor to perform a method comprising:
- processing instructions within a virtual machine;
- saving a return address in a first stack and in a second stack, the return address being an address at which program execution is to resume after execution of a called function;
- comparing the return addresses saved in the first and second stack upon execution of the called function; and
- exiting the virtual machine if the return addresses do not match.
Dependent claims: 18
19. A computer readable medium having stored thereon a sequence of instructions which when executed by a processor, cause the processor to perform a method comprising:
- creating first and second stacks for a program during execution of the program;
- encountering a function call to a called function;
- storing data for the called function and a return address in the first stack;
- storing the return address in the second stack; and
- passing control of the program to an exception handler if the return address stored in the first stack does not match the return address stored in the second stack upon execution of the called function.
Dependent claims: 20
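The two-stack check of claims 1 and 9, modeled in software as an added example (it is not code from the patent): the first stack holds the called function's buffer followed by the return address, the second stack holds only the return address, and the return path compares the two. The names `do_call`, `called_function`, `do_return` and `run_call`, the 16-byte buffer layout and the return address `0x401000` are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BUF_LEN   16                               /* local buffer in the frame */
#define FRAME_LEN (BUF_LEN + sizeof(uint64_t))     /* buffer + return address */
#define DEPTH     8
enum { RET_OK = 0, RET_MISMATCH = 1 };

static uint8_t  first_stack[DEPTH][FRAME_LEN];    /* data and return address */
static uint64_t second_stack[DEPTH];              /* return addresses only */
static int      top;

/* Function call: save the return address in both stacks. */
static void do_call(uint64_t ret_addr) {
    memset(first_stack[top], 0, FRAME_LEN);
    memcpy(first_stack[top] + BUF_LEN, &ret_addr, sizeof ret_addr);
    second_stack[top++] = ret_addr;
}

/* Called function with the modeled bug: the copy is bounded by the frame
   (so the simulation itself stays memory-safe) but not by BUF_LEN. */
static void called_function(const uint8_t *in, size_t n) {
    if (n > FRAME_LEN) n = FRAME_LEN;
    memcpy(first_stack[top - 1], in, n);
}

/* Return: compare both copies; a mismatch goes to the handler path. */
static int do_return(uint64_t *resume_at) {
    uint64_t from_first;
    top--;
    memcpy(&from_first, first_stack[top] + BUF_LEN, sizeof from_first);
    if (from_first != second_stack[top]) return RET_MISMATCH;
    *resume_at = from_first;
    return RET_OK;
}

/* One simulated call fed n bytes of constructed input. */
int run_call(size_t n) {
    uint8_t input[FRAME_LEN];
    uint64_t resume = 0;
    memset(input, 0x41, sizeof input);
    do_call(0x401000u);                /* constructed return address */
    called_function(input, n);
    return do_return(&resume);
}

int main(void) {
    printf("12 bytes: %d, 24 bytes: %d\n", run_call(12), run_call(24));
    return 0;
}
```

Input that fits the buffer leaves both copies equal and the return proceeds; a single byte past the buffer changes the first-stack copy and the return is diverted instead of using the altered address.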
Specification