\[Burch 06\] Burch, H.; Long, F.; & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.
\[Callaghan 95\] B. Callaghan, B. Pawlowski, P. Staubach. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt]. June 1995.
\[CERT 06\] CERT. [Managed String Library|http://www.cert.org/secure-coding/managedstring.html] (2006).
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.
\[Dowd 06\] Dowd, M.; McDonald, J.; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf]. May 3, 2006.
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs] (2005).
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November, 2005.
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).
\[HP 03\] [Tru64 UNIX Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. January 2003.
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.
\[ISO/IEC 9899-1999\] ISO/IEC 9899-1999. _Programming Languages --- C, Second Edition_, 1999.
\[ISO/IEC TR 24731-2006\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. April, 2006.
\[Kennaway 00\] Kris Kennaway. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3]. December 2000.
\[Kerrighan 88\] Kernighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html] (February 2002).
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html] (March 2003).
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html] (2002).
\[Lai 06\] Ray Lai. [_Reading Between the Lines_|http://undeadly.org/cgi?action=article&sid=20061027031811]. OpenBSD Journal. October, 2006.
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip] (January 2006).
\[MISRA 04\] MIRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/] (2006).
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification|http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf]. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division. September, 2006.
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm] (1997).
\[Open Group 04\] The Open Group. "[_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm]." (2004).
\[Plum 89\] Plum, Thomas, and Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).
\[Saks 99\] Dan Saks. [_const T vs. T const_|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]. Embedded Systems Programming. Pg. 13-16. February 1999.
\[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.
\[Seacord 05b\] Seacord, R. "Managed String Library for C." _C/C+\+ Users Journal_ _23_, 10 (October 2005): 30-34.
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/] (2005).
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1|http://www.securesoftware.com/process/]. Secure Software (2005).
\[Warren 02\] Warren, Henry S. _Hacker's Delight_. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).
\[Wheeler 03\] David Wheeler. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/]. March 2003.