TEAM-ADA Archives

Team Ada: Ada Programming Language Advocacy


Sender: "Team Ada: Ada Programming Language Advocacy (83 & 95)" <[log in to unmask]>
Date: Thu, 17 Aug 2006 17:26:04 +0200
Reply-To: Colin Paul Gloster <[log in to unmask]>
From: Colin Paul Gloster <[log in to unmask]>
In-Reply-To: <[log in to unmask]>
Content-Type: TEXT/PLAIN; charset=US-ASCII
MIME-Version: 1.0
Parts/Attachments: TEXT/PLAIN (97 lines)
On Thu, 17 Aug 2006, Robert C. Seacord emailed to an email list of the 
Association of C and C++ Users ( ):

"The CERT/CC has released a beta version of a secure integer library for
the C Programming Language.  The library is available for download from
the CERT/CC Secure Coding Initiative web page at:


[..]  The
following example illustrates how the library can be used to add two
signed long integer values:

	#include <limits.h>   /* LONG_MAX */
	/* addsl() is the checked signed-long addition from the CERT/CC secure
	   integer library; its header is not named in the announcement. */
	long retsl, xsl, ysl;
	xsl = LONG_MAX;
	ysl = 0;
	retsl = addsl(xsl,ysl);   /* LONG_MAX + 0 fits, so no overflow is reported */


For more information on vulnerabilities and other problems resulting
from the incorrect use of integers in C and C++ please read Chapter 5 of
"Secure Coding in C and C++" which is available as a free download from
the CERT web site:



Robert C. Seacord
Senior Vulnerability Analyst


From Chapter 5 of Robert C. Seacord's book "Secure Coding in C and C++" on
(which annoyingly would not load on the first two attempts due to "The 
system detected a possible attempt to compromise security. Please ensure 
that you can contact the server that authenticated you."):

"Integers represent a growing and underestimated source of vulnerabilities 
in C and C++ programs. This is primarily because boundary conditions for 
[integers], unlike other boundary conditions in software engineering, have 
been ignored. [..]
Because all integer vulnerabilities are type range errors, type range 
[checking], if properly applied, can eliminate all integer vulnerabilities. 
Languages such as Pascal and Ada allow range restrictions to be applied to 
any scalar type to form subtypes. Ada, for example, allows range 
restrictions to be declared on derived types using the range keyword:
type day is new INTEGER range 1..31;
The range restrictions are then enforced by the language runtime. C and 
C++, on the other hand, are not nearly as good at enforcing type safety. 
[However,] there are some avoidance strategies that can be used to reduce 
or [eliminate] the risk from integer-type range errors.

Ensuring that operations on integers do not result in integer errors 
requires considerable care. Programming languages such as Ada do a good 
[job] of enforcing integer type ranges, but if you are reading this book, 
you are probably not programming in Ada. Ideally, C and C++ compilers will 
one day provide options to generate code to check for overflow conditions. 
But until that day, it is a good idea to use one of the safe integer 
libraries discussed in this chapter as a safety net.

As always, it makes sense to apply available tools, processes, and 
[techniques] in the discovery and prevention of integer vulnerabilities. 
Static [analysis] and source code auditing are useful for finding errors. 
[..]"

However, Ada is not mentioned in the index of the book and I do not know 
whether Ada is mentioned in another chapter of the book.

Colin Paul Gloster, member of the A.C.C.U. and the S.I.G.Ada
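The check that the announced addsl() call performs, written out in plain C as an added example (my own code, not the CERT library's, and not part of the message above). The status-return convention and the in_range() helper, which mirrors the Ada range-subtype idea from the book excerpt, are assumptions; the announcement does not show how the library reports an overflow.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Checked signed long addition in the spirit of addsl(): the sum is stored
 * in *result only if it fits, and the return value says whether it did.
 * (Added example; returning a status this way is an assumption, not the
 * CERT library's API.) */
bool add_sl_checked(long a, long b, long *result)
{
    /* Test the range BEFORE adding: signed overflow is undefined behaviour
     * in C, so the overflowing addition itself must never be executed. */
    if ((b > 0 && a > LONG_MAX - b) || (b < 0 && a < LONG_MIN - b)) {
        return false;            /* out of range: *result is left untouched */
    }
    *result = a + b;
    return true;
}

/* Convenience wrapper: true when a + b fits in a long. */
bool fits_sl(long a, long b)
{
    long tmp;
    return add_sl_checked(a, b, &tmp);
}

/* Explicit range check, the C equivalent of relying on an Ada subtype
 * such as  type day is new INTEGER range 1..31;  being enforced at runtime. */
bool in_range(long v, long lo, long hi)
{
    return v >= lo && v <= hi;
}

int main(void)
{
    long r;
    /* The announcement's example: LONG_MAX + 0 fits. */
    printf("LONG_MAX + 0 fits: %d\n", add_sl_checked(LONG_MAX, 0, &r));
    /* LONG_MAX + 1 does not, and is reported instead of silently wrapping. */
    printf("LONG_MAX + 1 fits: %d\n", add_sl_checked(LONG_MAX, 1, &r));
    printf("LONG_MIN - 1 fits: %d\n", fits_sl(LONG_MIN, -1));
    printf("32 is a valid day: %d\n", in_range(32, 1, 31));
    return 0;
}
```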