Heap buffer overflow exploitation prevention system and method
Abstract
A method includes stalling a call to a heap allocation function originating from a request by an application for a block of heap buffer, predicting a block of the heap buffer to fulfill the request, and determining if a forward link (F-link) and a backward link (B-link) of the predicted block are addresses within a heap segment associated with the predicted block. If a determination is made that the F-link or the B-link point outside the associated heap segment, e.g., have been overwritten by a heap buffer overflow attack, corrective action is taken to correct the stray F-link or B-link. After the corrective action is taken, the heap allocation function call is released and the block of heap buffer is allocated. In this manner, a heap buffer overflow attack is defeated.
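An added example, not code from the patent: a C sketch of the link check and corrective action described in the abstract and claim 1, meant to run while the allocation call is stalled. The block layout, `segment_t`, `guard_predicted_block` and the constructed arena are assumptions of this example, hooking the allocator and predicting the block are out of scope, and it resets both links when either one lies outside the segment.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct block {              /* hypothetical layout: header links, then data */
    struct block *flink;            /* F-link: next block on the freelist */
    struct block *blink;            /* B-link: previous block on the freelist */
    unsigned char data[32];         /* data portion reserved for the application */
} block_t;

typedef struct {
    uintptr_t base;                 /* first address of the heap segment */
    size_t    size;                 /* segment length in bytes */
    block_t  *list_head;            /* head of the freelist holding the block */
} segment_t;

static bool in_segment(const segment_t *s, const void *p)
{
    uintptr_t a = (uintptr_t)p;
    return a >= s->base && a - s->base < s->size;   /* avoids base+size overflow */
}

/* Run while the allocation call is stalled. Returns true if links were reset. */
bool guard_predicted_block(const segment_t *s, block_t *predicted)
{
    if (in_segment(s, predicted->flink) && in_segment(s, predicted->blink))
        return false;               /* links plausible: release the call */
    predicted->flink = s->list_head;    /* corrective action from claim 1 */
    predicted->blink = s->list_head;
    return true;
}

static block_t arena[4];            /* constructed stand-in for a heap segment */
static block_t outside;             /* constructed storage outside the segment */

/* Returns 1 if the guard reset the links, 0 if the block was clean, -1 on error. */
int demo(bool overwritten)
{
    segment_t seg = { (uintptr_t)arena, sizeof arena, &arena[0] };
    block_t *head = seg.list_head, *blk = &arena[1];
    head->flink = head->blink = blk;            /* one-entry circular freelist */
    blk->flink = blk->blink = overwritten ? &outside : head;
    bool fixed = guard_predicted_block(&seg, blk);
    return (blk->flink == head && blk->blink == head) ? (int)fixed : -1;
}

int main(void)
{
    printf("clean=%d overwritten=%d\n", demo(false), demo(true));
}
```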
17 Claims
1. A method comprising:
stalling a heap allocation function call to a heap allocation function originating from a request by an application for a block of heap buffer;
predicting a predicted block of said heap buffer to fulfill said request, said predicted block comprising a header portion and a data portion reserved for data; and
determining if a forward link (F-link) in a F-link field and a backward link (B-link) in a B-link field of said header portion of said predicted block are addresses within a heap segment associated with said predicted block, wherein upon a determination that said F-link and said B-link of said predicted block are not addresses within said heap segment, said method further comprising taking corrective action comprising setting said F-link and said B-link to be an address of a list head of a freelist comprising said predicted block.

8. A method comprising:
stalling a heap deallocation function call to a heap deallocation function originating from a release by an application of a block of heap buffer, wherein said block is a deallocation block that is being deallocated to a deallocation freelist; and
determining if a forward link (F-link) in a F-link field of a header portion of a list head of said deallocation freelist and a backward link (B-link) in a B-link field of a header portion of a first block of said deallocation freelist are addresses within a heap segment associated with said deallocation freelist, said first block further comprising a data portion reserved for data, wherein upon a determination that said F-link is not an address within said heap segment, said method further comprising taking corrective action comprising setting said F-link and a B-link in a B-link field of a header portion of said list head to be an address of said list head.

17. A computer-program product comprising a tangible computer-readable storage medium containing computer program code comprising:
a heap buffer overflow exploitation prevention application for stalling a heap allocation function call to a heap allocation function originating from a request by an application for a block of heap buffer;
said heap buffer overflow exploitation prevention application further for predicting a predicted block of said heap buffer to fulfill said request, said predicted block comprising a header portion and a data portion reserved for data; and
said heap buffer overflow exploitation prevention application further for determining if a forward link (F-link) in a F-link field and a backward link (B-link) in a B-link field of said header portion of said predicted block are addresses within a heap segment associated with said predicted block, wherein upon a determination that said F-link and said B-link of said predicted block are not addresses within said heap segment, said heap buffer overflow exploitation prevention application further for taking corrective action comprising setting said F-link and said B-link to be an address of a list head of a freelist comprising said predicted block.

Specification