Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Coding Rules for C++ Copyright © Curt Hill

Published byRobyn Greer Modified over 6 years ago

Similar presentations

Presentation on theme: "Secure Coding Rules for C++ Copyright © Curt Hill"— Presentation transcript:

1 Secure Coding Rules for C++ Copyright © 2016-2017 Curt Hill
See Copyright © Curt Hill

2 CERT Computer Emergency Response Team
A computer security group originally started by NSF Currently housed at Carnegie-Mellon University A part of this organization is the Software Engineering Institute (SEI) What follows is extracted from their coding standards Copyright © Curt Hill

3 Aside I will not cover most of the rules They are very extensive
Often use language features most of us are not familiar with Even me Many of these are in odd circumstances, where the language does not define what should happen They may not translate to a language with a tighter definition Most would fail the easy to understand code test Copyright © Curt Hill

4 Areas of Concern Declarations and Initialization Expressions
Integers and reals Arrays Characters and Strings Memory Management Input Output Miscellaneous Copyright © Curt Hill

5 Declarations Avoid C-style variable number of parameters
These end with an ellipsis to signify an unknown number of parameters Thus a function like: void multi(int x, …) { } The danger is determining the correct number and detecting problems if there is a conflict between what is told and what is given The development of fstreams was to avoid this Copyright © Curt Hill

6 Declarations and Initialization
Do not redefine a standard variable Such as cin or cout, but there are many others Not in C and not with preprocessor Treat memory allocation and deallocation as a pair Never overload one without the other in same block Do not throw exceptions in destructors or deallocation Copyright © Curt Hill

7 Expressions Do not rely on order of evaluation for side effects
Where is i incremented: a[++i] = i; Do not rely on side effects that may not be evaluated Recall short circuit evaluation A = 5; if (A > 4 || D++ < 3) Never use uninitialized memory int K; j = K*2; Copyright © Curt Hill

8 Integers Ensure that unsigned integer operations do not wrap or that signed operations do not overflow Most arithmetic operations can cause Similarly, ensure that division and remainder operations do not result in divide-by-zero errors Ensure that integer conversions do not result in lost or misinterpreted data Concerns are casts (automatic or explicit), address modification and external values Copyright © Curt Hill

9 Misinterpreted Data Consider the following: signed int a=-1;
unsigned int b = 1; if(a<b) cout << “a is less than b”; else cout << “a is not less than b”; Unsigned is stronger than signed, thus a is cast. Because of the casting of signed to unsigned, a > b The comparison is between 1 and 4 billion something Copyright © Curt Hill

10 Integers Again Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand Use correct integer precisions Never convert a pointer to integer or integer to pointer Copyright © Curt Hill

11 Floating Point Do not use floating-point variables as loop counters
Prevent or detect domain and range errors in math functions Ensure that floating-point conversions are within range of the new type Preserve precision when converting integral values to floating-point type An int is more precise than a float Copyright © Curt Hill

12 Arrays Do not form or use out-of-bounds pointers or array subscripts
Ensure size arguments for variable length arrays are in a valid range Do not subtract or compare two pointers that do not refer to the same array Do not add or subtract an integer to a pointer to a non-array object Guarantee that library functions do not form invalid pointers Copyright © Curt Hill

13 Characters and Strings
Do not attempt to modify string literals Guarantee that storage for strings has sufficient space for character data and the null terminator Do not pass a non-null-terminated character sequence to a library function that expects a string Do not confuse narrow and wide character strings and functions Copyright © Curt Hill

14 Memory Management Do not access freed memory
Free dynamically allocated memory when no longer needed Do not allocate and copy structures containing a flexible array member dynamically Only free memory allocated dynamically Allocate sufficient memory for an object Copyright © Curt Hill

15 I/O Exclude user input from format strings
Such as printf/scanf Use valid format strings Distinguish between characters read from a file and EOF Do not assume that fgets() or fgetws() returns a nonempty string when successful Copyright © Curt Hill

16 I/O Do not copy a FILE object
Recall the pointers present Reset strings on fgets() or fgetws() failure Close files when they are no longer needed Do not access a closed file Copyright © Curt Hill

17 Miscellaneous Properly seed pseudorandom number generators
Ensure that control never reaches the end of a non-void function Always end with a return Do not treat a predefined identifier as an object if it might only be implemented as a macro Do not call va_arg() on a va_list that has an indeterminate value Do not violate constraints Copyright © Curt Hill

18 Summarizing Many of these are very obvious
Part of idea of any of these is that checking code is provided around the use There are very many more such guidelines Your code review team should be familiar with these Having a syntax analyzer check these is usually required Copyright © Curt Hill

Download ppt "Secure Coding Rules for C++ Copyright © Curt Hill"

Similar presentations

Chapter 10.

Chapter 10.
Computer Science 1620 Other Data Types. Quick Review: checklist for performing user input: 1) Be sure variable is declared 2) Prompt the user for input.

Computer Science 1620 Other Data Types. Quick Review: checklist for performing user input: 1) Be sure variable is declared 2) Prompt the user for input.
1 Chapter 4 Language Fundamentals. 2 Identifiers Program parts such as packages, classes, and class members have names, which are formally known as identifiers.

1 Chapter 4 Language Fundamentals. 2 Identifiers Program parts such as packages, classes, and class members have names, which are formally known as identifiers.
Data types and variables

Data types and variables
1 CISC181 Introduction to Computer Science Dr. McCoy Lecture 19 Clicker Questions November 3, 2009.

1 CISC181 Introduction to Computer Science Dr. McCoy Lecture 19 Clicker Questions November 3, 2009.
C++ Programming: Program Design Including Data Structures, Fourth Edition Chapter 13: Pointers, Classes, Virtual Functions, and Abstract Classes.

C++ Programming: Program Design Including Data Structures, Fourth Edition Chapter 13: Pointers, Classes, Virtual Functions, and Abstract Classes.
C++ Programming: From Problem Analysis to Program Design, Fourth Edition Chapter 14: Pointers, Classes, Virtual Functions, and Abstract Classes.

C++ Programming: From Problem Analysis to Program Design, Fourth Edition Chapter 14: Pointers, Classes, Virtual Functions, and Abstract Classes.
Chapter 7 Simple Date Types J. H. Wang ( 王正豪 ), Ph. D. Assistant Professor Dept. Computer Science and Information Engineering National Taipei University.

Chapter 7 Simple Date Types J. H. Wang ( 王正豪 ), Ph. D. Assistant Professor Dept. Computer Science and Information Engineering National Taipei University.
8-1 Embedded Systems Fixed-Point Math and Other Optimizations.

8-1 Embedded Systems Fixed-Point Math and Other Optimizations.
CS 215-401 Midterm Study Guide Fall 2014. General topics Definitions and rules Technical names of things Syntax of C++ constructs Meaning of C++ constructs.

CS Midterm Study Guide Fall General topics Definitions and rules Technical names of things Syntax of C++ constructs Meaning of C++ constructs.
Chapter 12: Pointers, Classes, Virtual Functions, and Abstract Classes.

Chapter 12: Pointers, Classes, Virtual Functions, and Abstract Classes.
Copyright 1998-2010 Curt Hill Variables What are they? Why do we need them?

Copyright Curt Hill Variables What are they? Why do we need them?
Copyright © 2007-2010 – Curt Hill Types What they do.

Copyright © – Curt Hill Types What they do.
School of Computer Science & Information Technology G6DICP - Lecture 4 Variables, data types & decision making.

School of Computer Science & Information Technology G6DICP - Lecture 4 Variables, data types & decision making.
Copyright 1998-2014 Curt Hill Arrays in C/C++ What? Why? How?

Copyright Curt Hill Arrays in C/C++ What? Why? How?
Introduction to Python Dr. José M. Reyes Álamo. 2 Three Rules of Programming Rule 1: Think before you program Rule 2: A program is a human-readable set.

Introduction to Python Dr. José M. Reyes Álamo. 2 Three Rules of Programming Rule 1: Think before you program Rule 2: A program is a human-readable set.
 2008 Pearson Education, Inc. All rights reserved. 1 Arrays and Vectors.

 2008 Pearson Education, Inc. All rights reserved. 1 Arrays and Vectors.
Tokens in C  Keywords  These are reserved words of the C language. For example int, float, if, else, for, while etc.  Identifiers  An Identifier is.

Tokens in C  Keywords  These are reserved words of the C language. For example int, float, if, else, for, while etc.  Identifiers  An Identifier is.
Lecture 3: More Java Basics Michael Hsu CSULA. Recall From Lecture Two  Write a basic program in Java  The process of writing, compiling, and running.

Lecture 3: More Java Basics Michael Hsu CSULA. Recall From Lecture Two  Write a basic program in Java  The process of writing, compiling, and running.
Java Programming: Guided Learning with Early Objects Chapter 1 Basic Elements of Java.

Java Programming: Guided Learning with Early Objects Chapter 1 Basic Elements of Java.

Similar presentations

Ads by Google