Advanced Buffer Overflow #1

blind obedience

What would happen if you store 512 characters where there is only space for 256? You may claim that you can't, and you'll be right, but still, there are situations in which, without realizing it, you tell the micro to do exactly that, and he can only obey you... and he'll do his best without thinking of the side effects. Now is when we get technical, fasten your seat belts, this turbulence will last forever.

What defines a buffer overflow is the copy of a memory region into another region that is not big enough to contain it.


/* abo1.c                                       *
 * specially crafted to feed your brain by gera */

/* Dumb example to let you get introduced...    */

#include <string.h>   /* strcpy() */

/* the argument names are swapped relative to the usual convention,
 * on purpose: see footnote 1 below                                  */
int main(int argv,char **argc) {
	char buf[256];    /* 256 bytes reserved on the stack */

	/* no length check at all: bytes are copied from argc[1] until
	 * its terminating zero, past the end of buf if the input is longer */
	strcpy(buf,argc[1]);
}

This is a good and simple abo: on execution this program will copy the contents of argc[1] (1), whatever it is, into the reserved 256 bytes named buf. strcpy() will not do any checks of any kind, it will just copy bytes from source to destination, from argc[1] to buf, until it finds a zero. Here, a chance is given for us to supply a longer-than-expected argc[1] to write in memory past the end of the reserved space named buf. Why is this a security problem? Because we can change data that we shouldn't be able to, and usually, this data we can change has a very special meaning for the micro, and by exploiting this meaning, we can confuse the micro and make it do what we want. That's the secret, go get a debugger, a compiler, and all the tools you think you'll need, and find out what's the data after buf and why it's so important to be able to modify it.
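To make the "how much goes past the end" question concrete, here is an added example (mine, not part of gera's abo1.c): one function computes how many bytes strcpy() would write beyond a 256-byte buf for a given input, and a checked copy refuses such input instead of obeying blindly. It assumes the same 256-byte buffer as the original; the helper fill_a() only builds constructed test input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256   /* same reserved space as buf[256] in abo1.c */

/* Bytes that strcpy(buf, src) would write past the end of a BUF_SIZE buffer.
 * The copy includes the terminating zero, so an input of exactly 256
 * characters already spills 1 byte. Returns 0 when the input fits. */
size_t overflow_bytes(const char *src) {
    size_t needed = strlen(src) + 1;           /* bytes strcpy will write */
    return needed > BUF_SIZE ? needed - BUF_SIZE : 0;
}

/* Hardened copy: measures src without ever scanning beyond dst_size and
 * rejects input that does not fit (data plus terminator).
 * Returns 0 on success, -1 when rejected (dst is then left empty). */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0) return -1;
    size_t len = 0;
    while (len < dst_size && src[len] != '\0') len++;
    if (len >= dst_size) {                     /* no room for len bytes + NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);                 /* copies the terminator too */
    return 0;
}

/* Constructed input helper: n copies of 'A' plus a terminator (dst needs n+1). */
void fill_a(char *dst, size_t n) { memset(dst, 'A', n); dst[n] = '\0'; }

/* Same program flow as abo1.c, with the check in place. */
int main(int argc, char **argv) {
    char buf[BUF_SIZE];
    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    if (copy_checked(buf, sizeof buf, argv[1]) != 0) {
        fprintf(stderr, "rejected: input would overflow buf by %zu byte(s)\n",
                overflow_bytes(argv[1]));
        return 1;
    }
    printf("copied %zu bytes safely\n", strlen(buf));
    return 0;
}
```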

1 - argc and argv are just names for main's arguments; they only name chunks of bits in memory, and the names are not meaningful on their own, only in their context.
