Secure Coding in C and C++ (2nd Edition) (SEI Series in Software Engineering) by Seacord Robert C

Author:Seacord, Robert C. [Seacord, Robert C.]
Language: eng
Format: epub
Publisher: Pearson Education
Published: 2013-03-23T00:00:00+00:00


Nonexceptional Integer Logic Errors

Many exploitable software flaws do not require an exceptional condition to occur but are simply a result of poorly written code. The following function contains a security flaw caused by using a signed integer as an index variable:

01 int *table = NULL;
02 int insert_in_table(int pos, int value) {
03   if (!table) {
04     table = (int *)malloc(sizeof(int) * 100);
05   }
06   if (pos > 99) {
07     return -1;
08   }
09   table[pos] = value;
10   return 0;
11 }

The insert_in_table function inserts a value at position pos in an array of integers. Storage for the array is allocated on the heap on line 4 the first time the function is called. The range check on lines 6, 7, and 8 ensures that pos is not greater than 99. The value is inserted into the array at the specified position on line 9.

Although no exceptional condition can occur, a vulnerability results from the lack of range checking of pos. Because pos is declared as a signed integer, both positive and negative values can be passed to the function. An out-of-range positive value would be caught on line 6, but a negative value would not.

The following assignment statement from line 9:

table[pos] = value;

is equivalent to

*(table + pos) = value;

If pos is negative, value will be written at an offset of pos * sizeof(int) bytes from table (pointer arithmetic scales pos by the element size), which is a location before the start of the actual buffer. This is considered an arbitrary write condition and is a common source of vulnerabilities. This security flaw could be eliminated by declaring the formal argument pos as an unsigned integer type (such as size_t) or by checking both the upper and lower bounds as part of the range check.
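Both fixes named above, side by side, as an added example that is not code from the book. The names TABLE_LEN, ensure_table, insert_checked, insert_unsigned and read_slot are hypothetical, and the allocation failure check is an addition the excerpt's function does not have.

```c
#include <stddef.h>
#include <stdlib.h>

#define TABLE_LEN 100  /* hypothetical name; same capacity as the excerpt's table */

static int *table = NULL;

/* Allocate the table on first use; report failure instead of writing through NULL. */
static int ensure_table(void) {
    if (!table) {
        table = calloc(TABLE_LEN, sizeof *table);
    }
    return table ? 0 : -1;
}

/* Fix 1: keep the signed parameter and check both the lower and upper bound. */
int insert_checked(int pos, int value) {
    if (pos < 0 || pos >= TABLE_LEN) {
        return -1;
    }
    if (ensure_table() != 0) {
        return -1;
    }
    table[pos] = value;
    return 0;
}

/* Fix 2: unsigned index. A negative argument is converted to a very large
 * size_t value (-1 becomes SIZE_MAX), so the single upper-bound check rejects it. */
int insert_unsigned(size_t pos, int value) {
    if (pos >= TABLE_LEN) {
        return -1;
    }
    if (ensure_table() != 0) {
        return -1;
    }
    table[pos] = value;
    return 0;
}

/* Read a slot back for checking; returns -1 for an out-of-range index. */
int read_slot(size_t pos) {
    return (pos < TABLE_LEN && table) ? table[pos] : -1;
}
```
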


