Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Coding Rules for C++ Copyright © 2016 Curt Hill

Published byWendy Porter Modified over 7 years ago

Similar presentations

Presentation on theme: "Secure Coding Rules for C++ Copyright © 2016 Curt Hill"— Presentation transcript:

1 Secure Coding Rules for C++ Copyright © 2016 Curt Hill
See Copyright © 2016 Curt Hill

2 CERT Computer Emergency Response Team
A computer security group originally started by NSF Currently housed at Carnegie-Mellon University A part of this organization is the Software Engineering Institute (SEI) What follows is extracted from their coding standards Copyright © 2016 Curt Hill

3 Aside I will not cover most of the rules They are very extensive
Often use language features most of us are not familiar with Even me Many of these are in odd circumstances, where the language does not define what should happen They may not translate to a language with a tighter definition Most would fail the easy to understand code test Copyright © 2016 Curt Hill

4 Areas of Concern Declarations and Initialization Expressions
Integers and reals Arrays Characters and Strings Memory Management Input Output Miscellaneous Copyright © 2016 Curt Hill

5 Declarations and Initialization
Avoid C-style variable number of parameters These end with an ellipsis to signify an unknown number of parameters Thus a function like: void multi(int x, …) { } The danger is determining the correct number and detecting problems if there is a conflict between what is told and what is given Copyright © 2016 Curt Hill

6 Declarations and Initialization
Do not redefine a standard variable Such as cin or cout, but there are many others Not in C and not with preprocessor Treat memory allocation and deallocation as a pair Never overload one without the other in same block Do not throw exceptions in destructors or deallocation Copyright © 2016 Curt Hill

7 Expressions Do not rely on order of evaluation for side effects
Where is i incremented: a[++i] = i; Do not rely on side effects that may not be evaluated Recall short circuit evaluation A = 5; if (A > 4 || D++ < 3) Do not use uninitialized memory int K; j = K*2; Copyright © 2016 Curt Hill

8 Integers Ensure that unsigned integer operations do not wrap or that signed operations do not overflow Most arithmetic operations can cause Similarly, ensure that division and remainder operations do not result in divide-by-zero errors Ensure that integer conversions do not result in lost or misinterpreted data Concerns are casts (automatic or explicit), address modification and external values Copyright © 2016 Curt Hill

9 Misinterpreted Data Consider the following: signed int a=-1;
unsigned int b = 1; if(a<b) cout << “a is less than b”; else cout << “a is not less than b”; Because of the casting of signed to unsigned, a > b The comparison is between 1 and 4 billion something Copyright © 2016 Curt Hill

10 Integers Again Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand Use correct integer precisions Converting a pointer to integer or integer to pointer Copyright © 2016 Curt Hill

11 Floating Point Do not use floating-point variables as loop counters
Prevent or detect domain and range errors in math functions Page: Ensure that floating-point conversions are within range of the new type Preserve precision when converting integral values to floating-point type Copyright © 2016 Curt Hill

12 Arrays Do not form or use out-of-bounds pointers or array subscripts
Ensure size arguments for variable length arrays are in a valid range Do not subtract or compare two pointers that do not refer to the same array Do not add or subtract an integer to a pointer to a non-array object Guarantee that library functions do not form invalid pointers Copyright © 2016 Curt Hill

13 Characters and Strings
Do not attempt to modify string literals Guarantee that storage for strings has sufficient space for character data and the null terminator Do not pass a non-null-terminated character sequence to a library function that expects a string Do not confuse narrow and wide character strings and functions Copyright © 2016 Curt Hill

14 Memory Management Do not access freed memory
Free dynamically allocated memory when no longer needed Allocate and copy structures containing a flexible array member dynamically Only free memory allocated dynamically Allocate sufficient memory for an object Copyright © 2016 Curt Hill

15 I/O Exclude user input from format strings
Such as printf/scanf Use valid format strings Distinguish between characters read from a file and EOF Do not assume that fgets() or fgetws() returns a nonempty string when successful Copyright © 2016 Curt Hill

16 I/O Do not copy a FILE object
Recall the pointers present Reset strings on fgets() or fgetws() failure Close files when they are no longer needed Do not access a closed file Copyright © 2016 Curt Hill

17 Miscellaneous Properly seed pseudorandom number generators
Ensure that control never reaches the end of a non-void function Do not treat a predefined identifier as an object if it might only be implemented as a macro Do not call va_arg() on a va_list that has an indeterminate value Do not violate constraints Copyright © 2016 Curt Hill

18 Summarizing Many of these are very obvious
Part of idea of any of these is that checking code is provided around the use There are very many more such guidelines Your code review team should be familiar with these Having a syntax analyzer check would also be good Copyright © 2016 Curt Hill

Download ppt "Secure Coding Rules for C++ Copyright © 2016 Curt Hill"

Similar presentations

A C++ Crash Course Part II UW Association for Computing Machinery Questions & Feedback.

A C++ Crash Course Part II UW Association for Computing Machinery Questions & Feedback.
Chapter 10.

Chapter 10.
Computer Science 1620 Other Data Types. Quick Review: checklist for performing user input: 1) Be sure variable is declared 2) Prompt the user for input.

Computer Science 1620 Other Data Types. Quick Review: checklist for performing user input: 1) Be sure variable is declared 2) Prompt the user for input.
1 Chapter 4 Language Fundamentals. 2 Identifiers Program parts such as packages, classes, and class members have names, which are formally known as identifiers.

1 Chapter 4 Language Fundamentals. 2 Identifiers Program parts such as packages, classes, and class members have names, which are formally known as identifiers.
© Copyright 1992–2004 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. Chapter 5 - Functions Outline 5.1Introduction 5.2Program.

© Copyright 1992–2004 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. Chapter 5 - Functions Outline 5.1Introduction 5.2Program.
Data types and variables

Data types and variables
1 CISC181 Introduction to Computer Science Dr. McCoy Lecture 19 Clicker Questions November 3, 2009.

1 CISC181 Introduction to Computer Science Dr. McCoy Lecture 19 Clicker Questions November 3, 2009.
C++ Programming: Program Design Including Data Structures, Fourth Edition Chapter 13: Pointers, Classes, Virtual Functions, and Abstract Classes.

C++ Programming: Program Design Including Data Structures, Fourth Edition Chapter 13: Pointers, Classes, Virtual Functions, and Abstract Classes.
C++ Programming: From Problem Analysis to Program Design, Fourth Edition Chapter 14: Pointers, Classes, Virtual Functions, and Abstract Classes.

C++ Programming: From Problem Analysis to Program Design, Fourth Edition Chapter 14: Pointers, Classes, Virtual Functions, and Abstract Classes.
Introduction to Python

Introduction to Python
Chapter 7 Simple Date Types J. H. Wang ( 王正豪 ), Ph. D. Assistant Professor Dept. Computer Science and Information Engineering National Taipei University.

Chapter 7 Simple Date Types J. H. Wang ( 王正豪 ), Ph. D. Assistant Professor Dept. Computer Science and Information Engineering National Taipei University.
8-1 Embedded Systems Fixed-Point Math and Other Optimizations.

8-1 Embedded Systems Fixed-Point Math and Other Optimizations.
Hello.java Program Output 1 public class Hello { 2 public static void main( String [] args ) 3 { 4 System.out.println( “Hello! ); 5 } // end method main.

Hello.java Program Output 1 public class Hello { 2 public static void main( String [] args ) 3 { 4 System.out.println( “Hello!" ); 5 } // end method main.
CS 215-401 Midterm Study Guide Fall 2014. General topics Definitions and rules Technical names of things Syntax of C++ constructs Meaning of C++ constructs.

CS Midterm Study Guide Fall General topics Definitions and rules Technical names of things Syntax of C++ constructs Meaning of C++ constructs.
Copyright © 2012 Pearson Education, Inc. Publishing as Pearson Addison-Wesley C H A P T E R 2 Input, Processing, and Output.

Copyright © 2012 Pearson Education, Inc. Publishing as Pearson Addison-Wesley C H A P T E R 2 Input, Processing, and Output.
Chapter 12: Pointers, Classes, Virtual Functions, and Abstract Classes.

Chapter 12: Pointers, Classes, Virtual Functions, and Abstract Classes.
Copyright 1998-2010 Curt Hill Variables What are they? Why do we need them?

Copyright Curt Hill Variables What are they? Why do we need them?
Copyright © 2007-2010 – Curt Hill Types What they do.

Copyright © – Curt Hill Types What they do.
School of Computer Science & Information Technology G6DICP - Lecture 4 Variables, data types & decision making.

School of Computer Science & Information Technology G6DICP - Lecture 4 Variables, data types & decision making.
Copyright 1998-2014 Curt Hill Arrays in C/C++ What? Why? How?

Copyright Curt Hill Arrays in C/C++ What? Why? How?

Similar presentations

Ads by Google