Understanding the Buffer Overrun


It would be impossible in one chapter, or even one book, to adequately cover all the possible means of attacking a software product. After all, a spreadsheet shared over your home's wireless network is very different from a multiplayer video game played over the Web or a distributed Department of Defense computer system. The operating systems and the technologies are unique and therefore will usually have different security vulnerabilities. There is one common problem, however, that is a security issue in any software product: the buffer overrun.

In the Generic Code Review Checklist in Chapter 6, you learned about Data Reference Errors, bugs caused by using a variable, constant, array, string, or record that hasn't been properly declared or initialized for how it's being used and referenced. A buffer overrun is such an error. It is the result of poor programming, enabled by languages such as C and C++ that lack safe string handling functions. Consider the sample C code in Listing 13.1.

Listing 13.1. Example of a Simple Buffer Overflow
#include <string.h>

void myBufferCopy(char * pSourceStr) {
    char pDestStr[100];
    int nLocalVar1 = 123;
    int nLocalVar2 = 456;
    strcpy(pDestStr, pSourceStr);   /* unbounded copy: no length check */
    /* ... */
}

void myValidate()
{
/*
 Assume this function's code validates a user password
 and grants access to millions of private customer records
*/
}

Do you see the problem? The size of the input string, pSourceStr, is unknown. The size of the destination string, pDestStr, is 100 bytes. What happens if the source string's length is greater than 100? As the code is written, the source string is copied right into the destination string, no matter what the length. If it's more than 100 bytes, it will fill the destination string and then continue overwriting the values stored in the local variables.

Worse, if the source string is long enough, it could also overwrite the return address of the function myBufferCopy() and the contents of the executable code in the function myValidate(). In this example, a competent hacker could enter a super long password, stuffed with hand-written assembly code instead of alphanumeric ASCII characters, and override the intended password validation performed in myValidate(), possibly gaining access to the system. Suddenly, those code reviews described in Chapter 6 take on a whole new meaning!

NOTE

This is a greatly simplified example of a buffer overrun to demonstrate the potential problem. Exactly what data or program code gets overwritten, or even if it will be overwritten or executed at all, depends on the compiler and the CPU. But, of course, the hackers know that.


Buffer overruns caused by improper handling of strings are by far the most common coding error that can result in a security vulnerability, but any of the error classes described in Chapter 6 are potential problems. As a software tester, your job is to find these types of bugs as early as possible. A code review would find them early in the development cycle, but there's an even better means, and that's to prevent them from happening in the first place.
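A hardened counterpart to Listing 13.1, added here as an example and not the book's own code: the copy takes the destination size explicitly and refuses input that does not fit, and a small probe function (assumed name probeLength) lets a tester exercise the 99/100/101-byte boundary that a review of a 100-byte buffer should check.

```c
#include <stddef.h>
#include <string.h>

#define DEST_SIZE 100   /* same destination size as Listing 13.1 */

/* Bounded replacement for the strcpy() in myBufferCopy(): the caller passes
 * the destination size, the source is measured only up to that bound, and
 * an input that would not fit (including its terminator) is refused instead
 * of being written past the end of pDest. Returns the number of bytes
 * copied, or -1 on refusal. */
int safeBufferCopy(char *pDest, size_t destSize, const char *pSource) {
    if (pDest == NULL || pSource == NULL || destSize == 0)
        return -1;
    /* Measure the source without scanning further than destSize bytes, so
       a missing terminator cannot turn the length check into a read overrun. */
    size_t srcLen = 0;
    while (srcLen < destSize && pSource[srcLen] != '\0')
        srcLen++;
    if (srcLen >= destSize) {
        pDest[0] = '\0';        /* leave the buffer in a defined state */
        return -1;              /* needs srcLen + 1 bytes; does not fit */
    }
    memcpy(pDest, pSource, srcLen + 1);   /* copies the terminator too */
    return (int)srcLen;
}

/* Tester's boundary probe (hypothetical helper): build a constructed input of
 * n 'A' characters and report whether the hardened copy accepted it (1) or
 * refused it (0). Returns -1 if n exceeds the probe's own source buffer. */
int probeLength(size_t n) {
    char source[1024];
    char dest[DEST_SIZE];
    if (n >= sizeof source)
        return -1;
    memset(source, 'A', n);
    source[n] = '\0';
    return safeBufferCopy(dest, sizeof dest, source) >= 0;
}
```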
