What is the difference between a stack overflow and buffer overflow?

Stack overflow refers specifically to the case when the execution stack grows beyond the memory that is reserved for it. For example, if you call a function which recursively calls itself without termination, you will cause a stack overflow as each function call creates a new stack frame and the stack will eventually consume more memory than is reserved for it.

Buffer overflow refers to any case in which a program writes beyond the end of the memory allocated for any buffer (including on the heap, not just on the stack). For example, if you write past the end of an array allocated from the heap, you've caused a buffer overflow.

The key difference is knowing the difference between the stack and a buffer.

The stack is the space reserved for the executing program to execute in. When you call a function, it's parameter and return info are placed on the stack.

A buffer is a generic chunck of memory that is used for a single purpose. For example, a string is a buffer. It can be over run by writing more data to the string than was allocated for.

Stack overflow: you have put too many things on the stack for the memory allocated to the current thread

Buffer overflow: You have exceeded the size of your currently allocated buffer and have not resized it to fit (or cannot resize it further).

More than you probably want to know here:

Stack Overflow

Buffer Overflow

A stackoverflow is when the size of the stack for a thread exceeds the maximum allowable stack size for that thread.

A buffer overflow is when a value is written into memory that is not currently allocated by the program.

Don't you mean to say "what is the difference between a stack and a buffer?" -- that will lead you to more insight more quickly. Once you've gotten that far, then you can think about what it means to overflow each of these things.

Buffer overflow usually stands for anytime a memory buffer is accessed beyond it's bounds whether stack or heap. A stack overflow means the stack has exceed it's allocated limit and on most machines/OS is running over heap.

1. Stack-Based Buffer Overflow • Occur when a program writes to a memory address on the program’s call stack outside the intended data structure – fixed length buffer. • Characteristics of stack-based programming 1. “Stack” is a memory space in which automatic variables are allocated. 2. Function parameters are allocated on the stack and are not automatically initialized by the system, so they have garbage until they are initialized. 3. Once a function has completed its cycle, reference to the variable in the stack is removed. (i.e if function is called multiple times, its local variables and parameters are recreated and destroyed each time the function is called and exited.)
• The attacker exploit stack-based buffer overflows to manipulate program in various ways by overwriting
1. A local variable that is near the buffer in memory on the stack to change the behaviour of program that may benefit the attacker.
2. Return address in a stack frame. Once the function returns, execution will resume at the return address as specified by the attacker, usually a user input-filled buffer. 3. A function pointer, or exception handler, which is subsequently executed. • Factors to overcome the exploits are
1. Null bytes in addresses 2. Variability in the location of shell code 3. Differences between environment Shell code is a small piece of code used in exploitation of software vulnerability.

2. Heap Buffer Overflow

• Occurs in the heap data area. • Overflow occurs when an application copies more data into a buffer than the buffer was designed to contain. • Vulnerable to exploitation if it copies data to buffer without first verifying that source will fit into destination. • Characteristics of stack-based and heap-based programming: • “Heap” is a “free store” that is memory space, when dynamic objects are allocated. • The heap is the memory space dynamically allocated new(), malloc(), and calloc() functions. • Dynamically created variables (i.e declared variables) are created on heap before execution and stored in memory until the life cycle of object has completed. • Exploitation is performed • By corrupting data to override internal structures such as linked list pointers. • Pointer exchange to override program function

Most people who mentions buffer overflows mean stack oveflows. However, overflows can occur in any area not just limited to the stack. Such as the heap or bss. A stack overflow is limited to overwriting return addresses on the stack, but a normal overflow that does not overwrite the return address will probably just overwrite other local variables.

Let me explain in a simpler way with a diagram of RAM. Before jumping into it, I suggest reading about StackFrame, Heap Memory.

As you can see, the Stack grows downwards (showed by arrow) assuming it's stack. The kernel code, text, data all are static data, so they are fixed. The heap portion being dynamic grows upwards (showed by arrow).