[CLUE-Tech] OT: C code security - what to look for?

Dennis J Perkins djperkins at americanisp.net
Sun Aug 10 14:26:06 MDT 2003 

On Sun, 2003-08-10 at 14:01, Bruce Ediger wrote:
> >   What kinds of problems should I watch for (I know about buffer
> >     overruns ... what else?)?
> 
> Look for a book "C Traps and Pitfalls" by Andrew Koenig.  It's a good
> read, and it has all the mistakes.
> 
> Kernighan and Pike's "The Practice of Programming" has some good stuff
> in it, too.
> 
> I think that not developing and rigorously following a personal coding
> standard (including indentation and braces style) causes a lot of
> problems.  If you do certain things by habit, you won't screw them up
> very often.  Since you're an OCaml type, you should consider writing C as
> "functional" as possible.
> 
> Avoid "Hungarian Notation".
> 
> >   What kinds of coding errors cause those problems?
> 
> Unfortunately the things that make C so interesting and so versatile:
> pointer arithmetic, complicated data structures and dynamic memory
> allocation.
> 
> >   What kinds of tools and procedures are most useful for evaluating
> >     the safety of my code?
> 
> Electric Fence malloc, Dmalloc (http://dmalloc.com/).  I recommend
> compiling and testing with both - they check different things.  Do
> branch coverage tests - I forget how to do this with GCC, but it can
> be done.  To get anywhere about 50% code coverage, you will have to
> write some pretty interesting test cases.
> 
> If you can, get a 2nd C compiler: Hanson and Frasiers's "lcc"
> (http://www.cs.princeton.edu/software/lcc/) is a good freebie.
> Use gcc for a while, then switch to lcc for a while.
> 
> Compile with all error warnings (for gcc "-Wall" at least, look at the
> "Warning Options" section of the gcc man page) turned on, every time
> you compile.  At least understand why the compiler warns about things.
> Some things just aren't fixable, or make your code look really stupid
> (i.e. putting "(void)" in front of all calls to fprintf()).  DO NOT
> fiddle with compiler flags to make a warning or an error message go
> away.
> 
> Compile and test on a different hardware architecture - SPARC, or Alpha or
> (heaven forbid!) HP's PA-RISC if you can.  Writing code on x86 hardware
> only can cause you to do dopey things - do silly casts, or assuming a
> particular structure member packing.
> 
> Write code so that you can put together unit test "harness" programs
> to exercize modules as thoroughly as possible without compiling and
> running a giant monolithic program.


I saw a book at Softpro on secure programming that probably covers some
programming mistakes, i.e., buffer overruns.

More information about the clue-tech mailing list