Secure Coding

Examples

  • p = malloc(n * sizeof(*p)): what if n (or the product) has wrapped around?
  • if (UINT_MAX - ui_a < ui_b) checks for unsigned wrap-around before adding. Post-check vs. pre-check.
  • HTTP redirection
    • Check if redirected page is in DOMAINS_ALLOW_LIST
    • Interpret the options
  • XML Parsing, resolve_entities=True?
  • Vulnerable RegEx on vulnerable input. Catastrophic backtracking.
    • Exponentially ambiguous regex.
      • Nested quantifiers exponential
      • Quantifying a disjunction (a|a)* exponential
      • Concatenated quantifiers polynomial
    • Solutions
      • Use Google RE2
      • Limit regex engine resources (timeout)
      • Limit input size
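
The wrap-around checks from the first two bullets, written out in C as an added example (not code from the original notes): the pre-check and post-check for unsigned addition, and a division-based pre-check guarding the malloc size. The helper name alloc_array and the sample values are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Pre-check: test before adding, so the wrapped sum is never computed. */
static int add_wraps_pre(unsigned int ui_a, unsigned int ui_b)
{
    return UINT_MAX - ui_a < ui_b;
}

/* Post-check: add first (unsigned wrap is well defined), then compare.
 * Not usable for signed types, where overflow is undefined behaviour. */
static int add_wraps_post(unsigned int ui_a, unsigned int ui_b)
{
    unsigned int usum = ui_a + ui_b;
    return usum < ui_a;
}

/* Hypothetical helper: allocate n elements of elem_size bytes, or return
 * NULL if n * elem_size would wrap past SIZE_MAX. */
static void *alloc_array(size_t n, size_t elem_size)
{
    if (elem_size != 0 && n > SIZE_MAX / elem_size)
        return NULL;                 /* product would wrap: refuse */
    return malloc(n * elem_size);
}

int main(void)
{
    /* Constructed sample value: the product wraps to a tiny size. */
    size_t n = SIZE_MAX / sizeof(int) + 2;
    printf("unchecked request size: %zu bytes\n", n * sizeof(int));
    printf("alloc_array refuses:    %d\n", alloc_array(n, sizeof(int)) == NULL);
    printf("UINT_MAX + 1 wraps:     pre=%d post=%d\n",
           add_wraps_pre(UINT_MAX, 1u), add_wraps_post(UINT_MAX, 1u));

    int *p = alloc_array(16, sizeof *p);   /* ordinary request succeeds */
    printf("small alloc ok:         %d\n", p != NULL);
    free(p);
    return 0;
}
```

Without the guard, the first request would reach malloc as a few bytes while the caller still believes it holds n elements.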