Seacord, Robert C.

Secure coding in C and C++ / Secure coding in C and C plus plus Robert C. Seacord ; [foreword by Richard D. Pethia]. - 2nd ed. - Upper Saddle River, NJ : Addison-Wesley, c2013. - xxvii, 569 p. : ill. ; 24 cm.

"A CERT book"--Cover.

Includes bibliographical references (p. 519-537) and index.

Chapter 1 Running with Scissors
1.1 Gauging the Threat
What Is the Cost?
Who Is the Threat?
Software Security
1.2 Security Concepts
Security Policy
Security Flaws
Vulnerabilities
Exploits
Mitigations
1.3 C and C++
A Brief History
What Is the Problem with C?
Legacy Code
Other Languages
1.4 Development Platforms
Operating Systems
Compilers
1.5 Summary
1.6 Further Reading
Chapter 2 Strings
2.1 Character Strings
String Data Type
UTF-8
Wide Strings
String Literals
Strings in C++
Character Types
Sizing Strings
2.2 Common String Manipulation Errors
Improperly Bounded String Copies
Off-by-One Errors
Null-Termination Errors
String Truncation
String Errors without Functions
2.3 String Vulnerabilities and Exploits
Tainted Data
Security Flaw: IsPasswordOK
Buffer Overflows
Process Memory Organization
Stack Management
Stack Smashing
Code Injection
Arc Injection
Return-Oriented Programming
2.4 Mitigation Strategies for Strings
String Handling
C11 Annex K Bounds-Checking Interfaces
Dynamic Allocation Functions
C++ std::basic_string
Invalidating String Object References
Other Common Mistakes in basic_string Usage
2.5 String-Handling Functions
gets()
C99
C11 Annex K Bounds-Checking Interfaces: gets_s()
Dynamic Allocation Functions
strcpy() and strcat()
C99
strncpy() and strncat()
memcpy() and memmove()
strlen()
2.6 Runtime Protection Strategies
Detection and Recovery
Input Validation
Object Size Checking
Visual Studio Compiler-Generated Runtime Checks
Stack Canaries
Stack-Smashing Protector (ProPolice)
Operating System Strategies
Detection and Recovery
Nonexecutable Stacks
PaX
Future Directions
2.7 Notable Vulnerabilities
Remote Login
Kerberos
2.8 Summary
2.9 Further Reading
Chapter 3 Pointer Subterfuge
3.1 Data Locations
3.2 Function Pointers
3.3 Object Pointers
3.4 Modifying the Instruction Pointer
3.5 Global Offset Table
3.6 The .dtors Section
3.7 Virtual Pointers
3.8 The atexit() and on_exit() Functions
3.9 The longjmp() Function
3.10 Exception Handling
Structured Exception Handling
System Default Exception Handling
3.11 Mitigation Strategies
Stack Canaries
W^X
Encoding and Decoding Function Pointers
3.12 Summary
3.13 Further Reading
Chapter 4 Dynamic Memory Management
4.1 C Memory Management
C Standard Memory Management Functions
Alignment
alloca() and Variable-Length Arrays
4.2 Common C Memory Management Errors
Initialization Errors
Failing to Check Return Values
Dereferencing Null or Invalid Pointers
Referencing Freed Memory
Freeing Memory Multiple Times
Memory Leaks
Zero-Length Allocations
DR #400
4.3 C++ Dynamic Memory Management
Allocation Functions
Deallocation Functions
Garbage Collection
4.4 Common C++ Memory Management Errors
Failing to Correctly Check for Allocation Failure
Improperly Paired Memory Management Functions
Freeing Memory Multiple Times
Deallocation Function Throws an Exception
4.5 Memory Managers
4.6 Doug Lea's Memory Allocator
Buffer Overflows on the Heap
4.7 Double-Free Vulnerabilities
Writing to Freed Memory
RtlHeap
Buffer Overflows (Redux)
4.8 Mitigation Strategies
Null Pointers
Consistent Memory Management Conventions
phkmalloc
Randomization
OpenBSD
The jemalloc Memory Manager
Static Analysis
Runtime Analysis Tools
4.9 Notable Vulnerabilities
CVS Buffer Overflow Vulnerability
Microsoft Data Access Components (MDAC)
CVS Server Double-Free
Vulnerabilities in MIT Kerberos 5
4.10 Summary
Chapter 5 Integer Security
5.1 Introduction to Integer Security
5.2 Integer Data Types
Unsigned Integer Types
Wraparound
Signed Integer Types
Signed Integer Ranges
Integer Overflow
Character Types
Data Models
Other Integer Types
5.3 Integer Conversions
Converting Integers
Integer Conversion Rank
Integer Promotions
Usual Arithmetic Conversions
Conversions from Unsigned Integer Types
Conversions from Signed Integer Types
Conversion Implications
5.4 Integer Operations
Assignment
Addition
Subtraction
Multiplication
Division and Remainder
Shifts
5.5 Integer Vulnerabilities
Vulnerabilities
Wraparound
Conversion and Truncation Errors
Nonexceptional Integer Logic Errors
5.6 Mitigation Strategies
Integer Type Selection
Abstract Data Types
Arbitrary-Precision Arithmetic
Range Checking
Precondition and Postcondition Testing
Secure Integer Libraries
Overflow Detection
Compiler-Generated Runtime Checks
Verifiably In-Range Operations
As-If Infinitely Ranged Integer Model
Testing and Analysis
5.7 Summary
Chapter 6 Formatted Output
6.1 Variadic Functions
6.2 Formatted Output Functions
Format Strings
GCC
Visual C++
6.3 Exploiting Formatted Output Functions
Buffer Overflow
Output Streams
Crashing a Program
Viewing Stack Content
Viewing Memory Content
Overwriting Memory
Internationalization
Wide-Character Format String Vulnerabilities
6.4 Stack Randomization
Defeating Stack Randomization
Writing Addresses in Two Words
Direct Argument Access
6.5 Mitigation Strategies
Exclude User Input from Format Strings
Dynamic Use of Static Content
Restricting Bytes Written
C11 Annex K Bounds-Checking Interfaces
iostream versus stdio
Testing
Compiler Checks
Static Taint Analysis
Modifying the Variadic Function Implementation
Exec Shield
FormatGuard
Static Binary Analysis
6.6 Notable Vulnerabilities
Washington University FTP Daemon
CDE ToolTalk
Ettercap Version NG-0.7.2
6.7 Summary
6.8 Further Reading
Chapter 7 Concurrency
7.1 Multithreading
7.2 Parallelism
Data Parallelism
Task Parallelism
7.3 Performance Goals
Amdahl's Law
7.4 Common Errors
Race Conditions
Corrupted Values
Volatile Objects
7.5 Mitigation Strategies
Memory Model
Synchronization Primitives
Thread Role Analysis (Research)
Immutable Data Structures
Concurrent Code Properties
7.6 Mitigation Pitfalls
Deadlock
Prematurely Releasing a Lock
Contention
The ABA Problem
7.7 Notable Vulnerabilities
DoS Attacks in Multicore Dynamic Random-Access Memory (DRAM) Systems
Concurrency Vulnerabilities in System Call Wrappers
7.8 Summary
Chapter 8 File I/O
8.1 File I/O Basics
File Systems
Special Files
8.2 File I/O Interfaces
Data Streams
Opening and Closing Files
POSIX
File I/O in C++
8.3 Access Control
UNIX File Permissions
Process Privileges
Changing Privileges
Managing Privileges
Managing Permissions
8.4 File Identification
Directory Traversal
Equivalence Errors
Symbolic Links
Canonicalization
Hard Links
Device Files
File Attributes
8.5 Race Conditions
Time of Check, Time of Use (TOCTOU)
Create without Replace
Exclusive Access
Shared Directories
8.6 Mitigation Strategies
Closing the Race Window
Eliminating the Race Object
Controlling Access to the Race Object
Race Detection Tools
8.7 Summary
Chapter 9 Recommended Practices
9.1 The Security Development Lifecycle
TSP-Secure
Planning and Tracking
Quality Management
9.2 Security Training
9.3 Requirements
Secure Coding Standards
Security Quality Requirements Engineering
Use/Misuse Cases
9.4 Design
Secure Software Development Principles
Threat Modeling
Analyze Attack Surface
Vulnerabilities in Existing Code
Secure Wrappers
Input Validation
Trust Boundaries
Blacklisting
Whitelisting
Testing
9.5 Implementation
Compiler Security Features
As-If Infinitely Ranged (AIR) Integer Model
Safe-Secure C/C++
Static Analysis
Source Code Analysis Laboratory (SCALe)
Defense in Depth
9.6 Verification
Static Analysis
Penetration Testing
Fuzz Testing
Code Audits
Developer Guidelines and Checklists
Independent Security Review
Attack Surface Review
9.7 Summary
9.8 Further Reading

9780321822130 (pbk.) 0321822137 (pbk.)


Computer security.
C (Computer program language)
C++ (Computer program language)

005.8 / SEA/S