Table of contents for Secure coding in C and C++ / Robert C. Seacord.

Bibliographic record and links to related information available from the Library of Congress catalog.

Note: Contents data are machine generated based on pre-publication provided by the publisher. Contents may have variations from the printed book or be incomplete or contain other coding.


Contents
Preface 	ix
1	Running with Scissors 	1
1.1	Gauging the Threat 	4
What is the Cost? 	5
Who is the Threat? 	6
Software Security 	8
1.2	Security Concepts 	9
Security Policy 	11
Security Flaws 	11
Vulnerabilities 	12
Exploits 	13
Mitigations 	13
1.3	C and C++ 	14
A Brief History 	14
What is the Problem with C? 	16
Legacy Code 	17
Other Languages 	17
1.4	Development Platforms 	17
Operating Systems 	18
Compilers 	19
1.5	Summary 	21
1.6	For Further Reading 	21
2	Strings 	23
2.1	String Characteristics 	23
Strings in C++ 	24
2.2	Common String Manipulation Errors 	24
Unbounded String Copies 	25
Off-by-One Errors 	27
Null-Termination Errors 	28
String Errors without Functions 	29
2.3	String Vulnerabilities 	30
Security Flaw 	32
Buffer Overflows 	32
2.4	Process Memory Organization 	33
Stack Management 	34
2.5	Stack Smashing 	37
2.6	Code Injection 	42
2.7	Arc Injection 	45
2.8	Mitigation Strategies 	48
Prevention 	48
String Streams 	59
Detection and Recovery 	61
2.9	Notable Vulnerabilities 	66
rlogin 	66
Kerberos 	67
Metamail 	67
2.10	Summary 	68
2.11	For Further Reading 	70
3	Pointer Subterfuge 	71
3.1	Data Locations 	72
3.2	Function Pointers 	73
3.3	Data Pointers 	74
3.4	Modifying the Instruction Pointer 	75
3.5	Global Offset Table 	76
3.6	The .dtors Section 	78
3.7	Virtual Pointers 	80
3.8	The atexit() and on_exit() Functions 	82
3.9	The longjmp() Function 	84
3.10	Exception Handling 	85
Structured Exception Handling 	86
System Default Exception Handling 	88
3.11	Mitigation Strategies 	89
W^X 	89
Canaries 	89
3.12	Summary 	89
3.13	For Further Reading 	90
4	Dynamic Memory Management 	91
4.1	Dynamic Memory Management 	92
4.2	Common Dynamic Memory Management Errors 	94
Initialization 	94
Failing to Check Return Values 	95
Referencing Freed Memory 	97
Freeing Memory Multiple Times 	98
Improperly Paired Memory Management Functions 	99
Failure to Distinguish Scalars and Arrays 	99
Improper Use of Allocation Functions 	100
4.3	Doug Lea's Memory Allocator 	100
dlmalloc Memory Management 	101
Buffer Overflows 	103
Double-Free Vulnerabilities 	109
Writing to Freed Memory 	113
4.4	RtlHeap 	113
Memory Management in Win32 	114
RtlHeap Data Structures 	115
Buffer Overflows 	119
Buffer Overflows (Redux) 	121
Writing to Freed Memory 	125
Double-Free 	126
Look-aside Table 	129
4.5	Mitigation Strategies 	129
Null Pointers 	130
Consistent Memory Management Conventions 	130
Heap Integrity Detection 	131
Phkmalloc 	132
Randomization 	133
Guard Pages 	133
OpenBSD 	134
Runtime Analysis Tools 	134
Windows XP SP2 	136
4.6	Notable Vulnerabilities 	138
CVS Buffer Overflow Vulnerability 	138
Microsoft Data Access Components (MDAC) 	139
CVS Server Double-Free 	139
Vulnerabilities in MIT Kerberos 5 	140
4.7	Summary 	140
4.8	For Further Reading 	141
5	Integer Security 	143
5.1	Integers 	144
Integer Representation 	144
Integer Types 	145
Integer Ranges 	150
5.2	Integer Conversions 	151
Integer Promotions 	151
Integer Conversion Rank 	152
Conversions From Unsigned Integer Types 	153
Conversions From Signed Integer Types 	153
Signed or Unsigned Characters 	155
Usual Arithmetic Conversions 	155
5.3	Integer Error Conditions 	156
Integer Overflow 	156
Sign Errors 	157
Truncation Errors 	158
5.4	Integer Operations 	159
Integer Addition 	160
Integer Subtraction 	163
Integer Multiplication 	165
Integer Division 	168
5.5	Vulnerabilities 	172
Integer Overflow 	172
Sign Errors 	173
Truncation Errors 	175
5.6	Non-Exceptional Integer Logic Errors 	177
5.7	Mitigation Strategies 	178
Range Checking 	178
Strong Typing 	179
Compiler-Generated Runtime Checks 	180
Safe Integer Operations 	181
Arbitrary Precision Arithmetic 	186
Testing 	187
Source Code Audit 	187
5.8	Notable Vulnerabilities 	187
Integer Overflow In XDR Library 	188
Windows DirectX MIDI Library 	188
Bash 	189
5.9	Summary 	190
5.10	For Further Reading 	191
6	Formatted Output 	193
6.1	Variadic Functions 	194
ANSI C Standard Arguments 	194
UNIX System V Varargs 	197
6.2	Formatted Output Functions 	198
Format Strings 	199
GCC 	201
Visual C++ .NET 	202
6.3	Exploiting Formatted Output Functions 	203
Buffer Overflow 	203
Output Streams 	204
Crashing a Program 	205
Viewing Stack Content 	205
Viewing Memory Content 	208
Overwriting Memory 	209
Internationalization 	214
6.4	Stack Randomization 	214
Thwarting Stack Randomization 	215
Writing Addresses in Two Words 	216
Direct Argument Access 	217
6.5	Mitigation Strategies 	220
Dynamic Use of Static Content 	220
Restricting Bytes Written 	220
ISO/IEC WDTR 24731 	222
iostream vs. stdio 	223
Testing 	224
Compiler Checks 	224
Lexical Analysis 	225
Static Taint Analysis 	225
Modifying the Variadic Function Implementation 	226
Exec Shield 	228
FormatGuard 	228
Libsafe 	229
Static Binary Analysis 	229
6.6	Notable Vulnerabilities 	230
Wu-ftpd 	230
CDE ToolTalk 	231
6.7	Summary 	231
6.8	For Further Reading 	233
7	File I/O 	235
7.1	Concurrency 	235
Race Conditions 	235
Mutual Exclusion and Deadlock 	236
7.2	Time of Check, Time of Use 	238
7.3	Files as Locks and File Locking 	240
7.4	File System Exploits 	242
Symbolic Linking Exploits 	242
Temporary File Open Exploits 	245
unlink() Race Exploit 	247
Trusted Filenames 	248
Non-unique Temp File Names 	249
7.5	Mitigation Strategies 	249
Closing the Race Window 	249
Eliminating the Race Object 	253
Controlling Access to the Race Object 	256
Race Detection Tools 	257
7.6	Summary 	259
8	Recommended Practices 	261
8.1	Secure Software Development Principles 	263
Economy of Mechanism 	263
Fail-Safe Defaults 	264
Complete Mediation 	264
Open Design 	265
Separation of Privilege 	265
Least Privilege 	265
Least Common Mechanism 	266
Psychological Acceptability 	267
8.2	Systems Quality Requirements Engineering 	267
8.3	Threat Modeling 	269
8.4	Use/Misuse Cases 	270
8.5	Architecture and Design 	271
8.6	Off-the-Shelf Software 	273
Vulnerabilities in Existing Code 	273
Secure Wrappers 	274
8.7	Compiler Checks 	275
8.8	Input Validation 	275
8.9	Data Sanitization 	277
Black Listing 	278
White Listing 	279
Testing 	280
8.10	Static Analysis 	280
Fortify 	281
Prexis 	282
Prevent 	282
PREfix and PREfast 	283
8.11	Quality Assurance 	283
Penetration Testing 	283
Fuzz Testing 	284
Code Audits 	285
Developer Guidelines and Checklists 	285
Independent Security Review 	286
8.12	Memory Permissions 	286
W^X 	287
PaX 	288
Data Execution Prevention 	288
8.13	Defense in Depth 	288
8.14	TSP-Secure 	289
Planning and Tracking 	290
Quality Management 	290
8.15	Summary 	292
8.16	Further Reading 	292
References 	293
Acronyms 	305
Index

Library of Congress Subject Headings for this publication:

Computer security.
C (Computer program language).
C++ (Computer program language).