Buffer overflows happen when more data is put into a buffer or holding area than the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes. The result can be a system crash or the creation of a back door leading to system access. Attention should also be paid to “data-based” buffer overflows: those occurring at the database level due to inconsistencies between the various feature areas.
Test Cases
1. Investigate the design-time and corresponding run-time feature areas for inconsistencies in data length. For instance, create a profile through the runtime and set all the properties to the maximum possible values. Attempt to obtain this profile through the web service, and then save it. Verify there is no data truncation. Apply this mechanism to all the various feature area dependencies as appropriate.
2. Through the web services, set various properties to binary blobs. Verify there is no data truncation in the database.
3. Pass high integer values where numeric data is expected. Attempt this on 32-bit and 64-bit architectures.
4. On the runtime, create a profile with each property maximized, and numeric data maximized. Attempt this on 32-bit and 64-bit architectures.
5. Due to the possibility of integer overflows, pay particular attention to buffer arithmetic done with signed numbers. Unsigned arithmetic provides much better mitigation against attacks.
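
The signed-versus-unsigned point in test case 5, as an added example that is not code from the product under test: a bounds check written with signed lengths accepts a negative length, while the unsigned form rejects it and also guards the size multiplication on both 32-bit and 64-bit builds. FIELD_CAP and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_CAP 64u   /* constructed capacity of one property buffer */

/* Weak check: lengths are signed, so a negative len passes the bound test
 * and would later be converted to a huge size_t by memcpy(). */
int fits_signed(int offset, int len) {
    return offset + len <= (int)FIELD_CAP;
}

/* Hardened check: unsigned operands, and the comparison is arranged so that
 * no addition can wrap around. */
int fits_unsigned(size_t offset, size_t len) {
    if (offset > FIELD_CAP) return 0;
    return len <= FIELD_CAP - offset;
}

/* Overflow-checked multiply for sizing "count" elements; SIZE_MAX differs
 * between 32-bit and 64-bit builds, so the limit is not hard-coded. */
int mul_size(size_t count, size_t elem, size_t *out) {
    if (elem != 0 && count > SIZE_MAX / elem) return 0;
    *out = count * elem;
    return 1;
}

/* Copy only after the hardened check succeeds. Returns 1 on success. */
int copy_field(unsigned char *dst, size_t offset,
               const unsigned char *src, size_t len) {
    if (!fits_unsigned(offset, len)) return 0;
    memcpy(dst + offset, src, len);
    return 1;
}

int main(void) {
    unsigned char buf[FIELD_CAP] = {0}, src[FIELD_CAP] = {0};
    size_t total = 0;
    printf("signed   offset=8 len=-1 accepted: %d\n", fits_signed(8, -1));
    printf("unsigned offset=8 len=-1 accepted: %d\n", fits_unsigned(8, (size_t)-1));
    printf("copy 56 bytes at offset 8: %d\n", copy_field(buf, 8, src, 56));
    printf("copy 57 bytes at offset 8: %d\n", copy_field(buf, 8, src, 57));
    printf("SIZE_MAX/2+1 elements of 2 bytes sized: %d\n",
           mul_size(SIZE_MAX / 2 + 1, 2, &total));
    return 0;
}
```

Building the same file with both a 32-bit and a 64-bit target exercises the architecture difference called out in test cases 3 and 4, since SIZE_MAX changes while the checks stay correct.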