TEAM-ADA Archives

Team Ada: Ada Programming Language Advocacy

TEAM-ADA@LISTSERV.ACM.ORG

Colin Paul Gloster <[log in to unmask]>
Thu, 17 Aug 2006 17:26:04 +0200
TEXT/PLAIN (97 lines)
On Thu, 17 Aug 2006, Robert C. Seacord emailed to an email list of the 
Association of C and C++ Users ( WWW.ACCU.org ):

"The CERT/CC has released a beta version of a secure integer library for
the C Programming Language.  The library is available for download from
the CERT/CC Secure Coding Initiative web page at:
http://www.cert.org/secure-coding/

[..]

[..]  The
following example illustrates how the library can be used to add two
signed long integer values:

	long retsl, xsl, ysl;
	xsl = LONG_MAX;
	ysl = 0;
	retsl = addsl(xsl,ysl);

[..]

For more information on vulnerabilities and other problems resulting
from the incorrect use of integers in C and C++ please read Chapter 5 of
"Secure Coding in C and C++" which is available as a free download from
the CERT web site:

http://www.cert.org/books/secure-coding/moreinfo.html

[..]

Thanks,
rCs


-- 
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC

[..]"


From Chapter 5 of Robert C. Seacord's book "Secure Coding in C and C++" on 
WWW.AWProfessional.com/content/images/0321335724/samplechapter/seacord_ch05.pdf
(which annoyingly would not load on the first two attempts due to "The 
system detected a possible attempt to compromise security. Please ensure 
that you can contact the server that authenticated you."):

"Integers represent a growing and underestimated source of vulnerabilities in C and C++ programs. This is primarily because boundary conditions for integers, unlike other boundary conditions in software engineering, have been intentionally ignored. [..]
[..]
Because all integer vulnerabilities are type range errors, type range checking, if properly applied, can eliminate all integer vulnerabilities. Languages such as Pascal and Ada allow range restrictions to be applied to any scalar type to form subtypes. Ada, for example, allows range restrictions to be declared on derived types using the range keyword:

	type day is new INTEGER range 1..31;

The range restrictions are then enforced by the language runtime. C and C++, on the other hand, are not nearly as good at enforcing type safety. Fortunately, there are some avoidance strategies that can be used to reduce or eliminate the risk from integer-type range errors.

[..]
Ensuring that operations on integers do not result in integer errors requires considerable care. Programming languages such as Ada do a good job of enforcing integer type ranges, but if you are reading this book, you are probably not programming in Ada. Ideally, C and C++ compilers will one day provide options to generate code to check for overflow conditions. But until that day, it is a good idea to use one of the safe integer libraries discussed in this chapter as a safety net.
As always, it makes sense to apply available tools, processes, and techniques in the discovery and prevention of integer vulnerabilities. Static analysis and source code auditing are useful for finding errors. [..]
[..]"


However, Ada is not mentioned in the index of the book and I do not know 
whether Ada is mentioned in another chapter of the book.

Regards,
Colin Paul Gloster, member of the A.C.C.U. and the S.I.G.Ada
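Added example, not part of the post above and not code from the CERT/CC secure integer library or from Seacord's book: a minimal checked-arithmetic helper set in C that shows what a call like `addsl(xsl, ysl)` has to do internally, and how an Ada-style range restriction (`range 1..31`) can be emulated on top of it. The function names (`add_sl_checked`, `sub_sl_checked`, `add_ul_checked`, `add_in_range`, `DAY_RANGE`) are this example's own, not the library's API. The key point is that the overflow test for signed types must run before the addition, because signed overflow in C is undefined behaviour and a post-hoc test such as `if (x + y < x)` may simply be optimised away.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Checked signed addition. Returns false and leaves *out untouched if
 * x + y does not fit in a long. The test is done on the operands, never
 * on the wrapped sum, because signed overflow is undefined behaviour. */
bool add_sl_checked(long x, long y, long *out)
{
    if ((y > 0 && x > LONG_MAX - y) || (y < 0 && x < LONG_MIN - y))
        return false;
    *out = x + y;
    return true;
}

/* Checked signed subtraction: x - y. */
bool sub_sl_checked(long x, long y, long *out)
{
    if ((y > 0 && x < LONG_MIN + y) || (y < 0 && x > LONG_MAX + y))
        return false;
    *out = x - y;
    return true;
}

/* Checked unsigned addition. Unsigned wraparound is well defined, so a
 * post-hoc test would be legal here, but the pre-check keeps the style
 * uniform and never produces a wrapped value at all. */
bool add_ul_checked(unsigned long x, unsigned long y, unsigned long *out)
{
    if (x > ULONG_MAX - y)
        return false;
    *out = x + y;
    return true;
}

/* Emulation of an Ada range-restricted subtype: the machine type is long,
 * but only values in [lo, hi] are considered valid. (Hypothetical name.) */
typedef struct {
    long lo;
    long hi;
} long_range;

/* Counterpart of "type day is new INTEGER range 1..31". */
static const long_range DAY_RANGE = { 1, 31 };

bool in_range(long_range r, long v)
{
    return v >= r.lo && v <= r.hi;
}

/* Add two values of a ranged type: first guard the machine type against
 * overflow, then enforce the subtype range, as an Ada runtime would. */
bool add_in_range(long_range r, long x, long y, long *out)
{
    long tmp;
    if (!add_sl_checked(x, y, &tmp))
        return false;          /* would overflow the underlying long */
    if (!in_range(r, tmp))
        return false;          /* outside the declared subtype range */
    *out = tmp;
    return true;
}

static void report(const char *what, bool ok, long v)
{
    if (ok)
        printf("%-22s ok     -> %ld\n", what, v);
    else
        printf("%-22s REJECT (out of range)\n", what);
}

int main(void)
{
    long r = 0;

    /* The operands from the quoted e-mail: LONG_MAX + 0 fits. */
    report("LONG_MAX + 0", add_sl_checked(LONG_MAX, 0, &r), r);
    /* One more and the mathematical result no longer fits in a long. */
    report("LONG_MAX + 1", add_sl_checked(LONG_MAX, 1, &r), r);
    report("LONG_MIN + (-1)", add_sl_checked(LONG_MIN, -1, &r), r);
    report("LONG_MIN - 1", sub_sl_checked(LONG_MIN, 1, &r), r);

    /* Ranged "day" arithmetic: 30 + 1 is a valid day, 30 + 2 is not. */
    report("day 30 + 1", add_in_range(DAY_RANGE, 30, 1, &r), r);
    report("day 30 + 2", add_in_range(DAY_RANGE, 30, 2, &r), r);
    report("day 1 + (-1)", add_in_range(DAY_RANGE, 1, -1, &r), r);
    return 0;
}
```

The pre-check form generalises to every width and signedness by substituting the matching `*_MAX`/`*_MIN` constants; for multiplication the guard needs a division rather than a subtraction, which is one reason a vetted library is preferable to hand-rolling each operation.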
