C Language Issues / PDF

C Language Issues / PDF

Sample of the pdf document :

Introduction:

When you’re reviewing software to uncover potential security holes, it’s important to understand the underlying details of how the programming language implements data types and operations, and how those details can affect execution flow. A code reviewern examining an application binary at the assembly level can see explicitly how data is stored and manipulated as well as the exact implications of an operation on a piece of data. However, when you’re reviewing an application at the source code level, some details are abstracted and less obvious. This abstraction can lead to the introduction of subtle vulnerabilities in software that remain unnoticed and uncorrected for long periods of time. A thorough auditor should be familiar with the source language’s underlying implementation and how these details can lead to security-relevant conditions in border cases or exceptional situations.



This chapter explores subtle details of the C programming language that could adversely affect an application’s security and robustness. Specifically, it covers the storage details of primitive types, arithmetic overflow and underflow conditions, type conversion issues, such as the default type promotions, signed/unsigned conversions and comparisons, sign extension, and truncation. You also look at some
interesting nuances of C involving unexpected results from certain operators and other commonly unappreciated behaviors. Although this chapter focuses on C, many principles can be applied to other languages.

C Language Background

This chapter deals extensively with specifics of the C language and uses terminology from the C standards. You shouldn’t have to reference the standards to follow this material, but this chapter makes extensive use of the public final draft of the C99 standard (ISO/IEC 9899:1999), which you can find at
www.open-std.org/jtc1/sc22/wg14/www/standards. The C Rationale document that accompanies the draft standard is also useful. Interested readers should check out Peter Van der Linden’s excellent book Expert
C Programming (Prentice Hall, 1994) and the second edition of Kernighan and Ritchie’s The C Programming Language (Prentice Hall, 1988). You might also be interested in purchasing the final version of the ISO standard or the older ANSI standard; both are sold through the ANSI organization’s Web site (www.ansi.org).

Although this chapter incorporates a recent standard, the content is targeted toward the current mainstream use of C, specifically the ANSI C89/ISO 90 standards.

Because low-level security details are being discussed, notes on any situations in which changes across versions of C are relevant have been added.

Occasionally, the terms “undefined behavior” and “implementation-defined behavior” are used when discussing the standards. Undefined behavior is erroneous behavior: conditions that aren’t required to be handled by the compiler and, therefore, have unspecified results. Implementation-defined behavior is behavior that’s up to the underlying implementation. It should be handled in a consistent and logical manner, and the method for handling it should be documented.

Data Storage Overview
Before you delve into C’s subtleties, you should review the basics of C types—specifically,
their storage sizes, value ranges, and representations. This section explains the types
from a general perspective, explores details such as binary encoding, twos complement
arithmetic, and byte order conventions, and winds up with some pragmatic observations
on common and future implementations.............

 Click here for  Download PDF / FREE

C Language Issues / PDF