Pointers and Dynamic Memory – Heap

Yesterday, I wrote an article on Pointers and Dynamic Memory – Stack and Stack Overflow of Memory and I received good feedback about the article. More articles are requested by the fellow fans of cyberstorm.mu and I proposed to blog about “Heap”. As I discussed in the previous article, there are limitations to stack. We have to see exactly how stack overflow happens, that is, if our “calls” stack grows beyond the reserved memory of the stack, the program will consequently crash.

There are actually limitations to stack especially when the memory is set aside and it does not grow during runtime. Consequently, the application cannot request more memory. Note that the allocation and deallocation of memory on the stack are governed by a set of rules, that is, when a function is called, it is pushed onto the stack and when it finishes it is popped out of the stack. Hence, it is quite impossible to manipulate the aim of a variable when it is on the stack. Another limitation is when there is a large data type. For example. an array sets as a local variable where we need to know the size of the array at the compiling time! To overcome this problem of a large variable into the memory we have “heap”. Let’s now have some fun with heap?

Compared to size in  Stack, an application’s heap is not fixed. Its size can vary during the whole lifetime of the application and there are no special rules applied during allocation and deallocation memory. Heap will grow its reserved memory as long as you do run out of memory in the whole system itself. That is why in the introduction article, the heap is described as a free pool of memory (Dynamic memory). To use Dynamic Memory there are four functions that need to be grasped, that is; Malloc, Calloc, realloc, and Free. I will get into more details of these terms in my next article.

Let’s see a C program to get into the heap structure:

#include<stdio.h>
#include<stdlib.h>
int main()
{
 int a;
 int *p;
 p = (int*)malloc( sizeof (int));
 *p = 10;
 free(p);
 p = (int*)malloc( sizeof (int));
 *p = 20;
}
12410538_1277321242283545_6797982174435791718_n
Follow the numbers with the explanation below
  1. A variable “a” is declared from the main() method. It goes into the stack as explained in the diagram.
  2. We store the integer on the heap by calling the malloc() function. The line int *p; followed by p = (int*) malloc(sizeof (int)); will specify how much memory to allocate on the heap in terms of bytes. We just say “malloc please pass as argument the size of the integer..” and the program said “ok I give you a block of memory of 4 bytes” – 4 bytes is the size of an integer. Malloc will then return a pointer to the starting address of this block.
  3. Malloc will return a void pointer to the starting address of the block. Let’s say the starting address of the 4 bytes is 100.
  4. Since we have an integer p which is a local variable to main, this is allocated in the stack. Note that at this stage p stores the address 100 in the heap.
  5. We can store something in the heap by removing the reference pointer p towards the heap. This done by using pointer p and add some value –  *p = 10;
  6. A pointer variable is also kept in the stack to point to the heap that is 100.
  7. At the line, p = (int*) malloc ( sizeof (int));  and *p=20 which is another call has been made to malloc and consequently one more byte of 4 bytes is allocated on the heap.
  8. Let’s say the address is 200 and the address called is stored in the variable p which will point to the address 200 from the stack. Note that the previous block of address 100 will still sit in the heap. Unnecessary consumptions of memory at this stage on the heap need to be clear out.
  9. This exactly where the line free (p); gets in to clear out. Number 3 in the heap block will be cleared out.

Anything allocated on the heap is not automatically deallocated when the functions get completed compared to the stack. It does not need to live the whole lifetime of the application. Programs which is coded with this fault can be used to explore vulnerabilities. We need to control anything that can be freed on the heap.


Pointers and Dynamic Memory – Stack and StackOverflow

From the article Pointers and Dynamic Memory – Part1, I made a little introduction of Pointers and a brief overview of Dynamic memory. In this article, we will get into some more details of Stack and StackOverflow in the context of Pointers and Dynamic memory.

Let’s see a simple C program which we can use to see what happens in memory when it executes

#include<stdio.h>
 int total;
 int square(int x)
 {
     return x*x;
 }
 int SquareSum( int x, int y)
 {
      int z = square(x+y);
      return z;
 }
 int main()
 {
      int a=10, int b=20;
      total = SquareSum(a,b);
      printf(“Output = %d”, total);
 }

From the program, we can see that there is a function that gives the Square of a number and another function that gives the square of the sum. In the Main method, the square of the sum is passed through the arguments a and b.

Like I mentioned in the previous article, Stack is reserved for function calls and local variables and Static means the global variables that are not stored inside the variables. From the C code, this can be interpreted under Stack and Static.

Pointers and Dynamic Memory – Stack and StackOverflow 1

  1. When the main method is invoked, some amount of the memory is allocated to the Stack for execution of main() as described in the Yellow box.
  2. The total is a global variable so it gets into the Static section.
  3. All local variables, arguments and the information where the function main should return are stored within the stack frame. The size of the stack frame for a method is calculated when the program is compiling.
  4. Now, when main calls SquareSum method, then a stack frame is allocated for the call SquareSum.
  5. All the variables x, y, and z will sit in the same stack frame.
  6. The function sum of the square that is “square” will also be found in the Stack frame and it will have its own local variables.

When the program executes, the function at the top of the stack keeps on executing the rest are in a “pause mode” waiting for other function to return something before it resumes execution. When the whole program finishes executing, the stack and static frame get cleared. Remember, a global variable should only be set with the aim to use it for a whole lifetime of the program, otherwise, it will be a waste of memory. The global variable used in this program has been done deliberately to understand the concept.

Another interesting issue is that when the program starts, by default, the operating system will reserve some amount of space on the stack. When there are functions in a stack calling other functions until there is no memory available in the stack, its called “StackOverflow” which consequently crashes the whole program. For example, a bad program having bad recursion codes. In brief, there are limitations to stack.


Pointers and Dynamic Memory – An introduction

Some crucial part to know about memory are Pointers and Dynamic memory to troubleshoot within the infrastructure of the memory. To grasp how pointers work, we need to understand how data types are stored in computer memory. When a program executes, memory is interpreted as RAM. Let’s say we have a 1GB RAM. Each byte in the memory has an address. We can interpret it as each part of a human memory having its neurons associated with parts of your body.

10649895_1276359969046339_6283119763362422098_n

The first byte of the memory has an address called Zero. The Addresses of each byte keeps on incrementing the more you move on to a different level of bytes within the memory architecture. Memory, when assigned to a program, can be divided into four segments that are HEAP (pool of memory), STACK (function calls and local variables), STATIC (global variables – not stored inside a function) and CODE (instructions).

Now, let’s say we have to declare a variable in our program. For example, a variable called “a” of type integer – int a; the computer allocates a certain amount of memory for a particular variable and depending on how many data types are used, the memory will be allocated accordingly. However, there are other aspects to be taken into consideration by the computer to allocate more memory. Ex. the compiler itself.

A pointer acts as a variable that stores the address of another variable. How? Integer A is allocated to address 100, 101, 102, 103. The computer will query its lookup table where the information is stored.


cyberstorm.mu is promoting Signal

“Going further and beyond” –  That’s the motto of cyberstorm.mu. Indeed, there are many people everywhere calling themselves professionals where the fact is that they are merely wearing a mask showing off in the public. I would also claim that no one is perfect in the field of It and Security, however, acceptance of oneself and move on to another stage is the real goal.

photo credits: cyberstorm.mu
photo credits: cyberstorm.mu

What and why Signal? I posted an article yesterday to elaborate on the application. Well, cyberstorm.mu is not only promoting Signal but many free and open source security software such as Tor, Bitcoins and many others to liberate each and everyone from this sick society where governments are spying on your personal stuff. I made some research on Signal and conclude that this is indeed amazing!

With the help of Logan, member, and contributor of cyberstorm.mu, I made an audit of the Signal code and noticed that some improvements can be made on one of the libraries. A remote hacker can probe the memory and harvest the sensitive information.

The logic  – Data (an example could be cryptographic keys) in memory is not always needed because someone can look for ways to exploit the data. An analogy is that it’s like washing your keyboard after entering your password so that people cannot collect your fingerprints to steal it. In other words, a code execution can be done at the memory level to penetrate your system. To mitigate this attack, zeroing buffers which contained sensitive information is an exploit mitigation technique. Let me take an example: Imagine you are a hacker and you can see what is in the RAM of your victim. Then you can see passwords and everything else. Then it’s better to delete them if they are not going to be used or rather fill it in with wrong passwords to trick the hackers.

In a technical term, the idea is to overwrite the variable when you are about to get rid of it so that other programs cannot detect what was there. The key is not to have the secret data present in the memory longer than necessary. However, what you overwrite might matter, but what is overwritten is the key to keep it secret. So let’s see how to put Zeroes in RAM to erase what was there before. Keep in mind, it has nothing to do with overflows.

Do check out the pull requests and commit at https://github.com/WhisperSystems/libaxolotl-c/pulls


Signal – Privacy is possible with SMS encryption

Phone calls and SMS privacy are now possible with Signal. What is ‘Signal‘? “Signal has been designed for the mobile environment from the ground up. Messages and incoming calls are fully asynchronous; push notifications to let you know when new messages have arrived, so they’ll be waiting for you if the app is in the background, your battery dies, or you temporarily lose service.” – WhisperSystems

Photo credits: Mike Williamson
Photo credits: Mike Williamson

It is believed that the Government of Mauritius and other government entities around the world have been tapping into phone lines since a while and some years back this issue has also been revealed on Mauritian newspapers.  So, how do you get away from these entities trying to peak their noes into your private life? The ultimate answer is “Signal” which has been developed by the Open Whisper Systems Team.

“Use anything by Open Whisper Systems”Edward Snowden, whistleblower, and privacy advocate

“I am regularly impressed with the thought and care put into both the security and the usability of this app. It’s my first choice for an encrypted conversation.” – Bruce Schneier, internationally renowned security technologist.

The signal is freely available and compatible for almost all Android devices as well as Apple mobile phones. It supports SMS and voice calls encryption even if you are on a 3G/4G network. However, you need to assure yourself that all parties engaged in a conversation are using Signal to be secure on all sides.

You cannot assure yourself to be secure if encrypted communication is one-sided.

My next article is going to be dedicated to the cyberstorm.mu team of Mauritius.