SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 58

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version 59

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e02a3b497abbbaad-7e549e11-4b104a6b-bb57bb13-9a25e9c849916e6a6fb3395b"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H.; Long, F.; & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3181692bf653804a-efa02a10-4f484164-8b7bad98-19090c4a2cc5d6a8a4acb884"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] B. Callaghan, B. Pawlowski, P. Staubach. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt]. June 1995.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="06e4247f005c28ff-73d3c69d-4ff94bbd-ad94a946-0cb4fcb32c224517020baa79"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro>
\[CERT 06\] CERT. [Managed String Library|http://www.cert.org/secure-coding/managedstring.html] (2006).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a61df8000dc6d427-1c9a63e1-47bf4df7-b6f1ba48-b5b0c1ce045ee346cb42b5ec"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="043d8bb20986a111-1348f298-44b94c86-944a8acc-3dca23de493b5bd2a434488d"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M.; McDonald, J.; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ba2ef70ad40e914d-0664af73-4de74032-b8dba144-b26e1de6e4f97f9e18cc258b"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong).|http://people.redhat.com/drepper/defprogramming.pdf] May 3, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="09e5698b874250e8-554bc9d5-4bcb4eda-886fbb2b-f7ab2000a41ce2d58f611cf9"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation.|http://gcc.gnu.org/onlinedocs] (2005).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e6625a1e8203178b-716f57f7-4ed346cf-80bcb9c9-51ffe35250072d1c66f43bc1"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eb2f84ec7703c3ee-b8ff58f4-4c504b33-bf99aff6-fb0c36b2a1ade615e14feb67"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0d635679535e0e10-49a21ca7-44914484-aced8b46-efc1ee18a2be4744ea4fb0f0"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2ad78118c42c5dd5-0e77540d-4bfb43af-b27fb99c-de937bd96c01641ca54b74db"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="83c60aea72384031-bf0899fa-4a4e4f49-b7b8b01b-aa3659222b59b9693bc99bbb"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. January 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5bc2d0ba93142dbd-36102fb8-43f34420-ab6da2c2-7004c9c224361cad2170d5ea"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a3f6d18595322446-25ddc1b7-4b0e4855-9499aa5e-b4b088c9fdef399dd896f389"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899-1999\] ISO/IEC 9899-1999. _Programming Languages --- C, Second Edition_, 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c23b4e58391802bb-8c0dbcaf-4045444c-8f0ab71a-55acfcc65b0673587cff8336"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] [Rationale for International Standard?Programming Languages?C Revision 5.10|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. April 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="605bcf519094adbf-71861e20-43e44309-b51580e4-e119b214f7a3942cc37c67a6"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-2006\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. April, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="55e5fae276fc7620-c672ae82-4c6c4545-9035960e-49dc5e3a3b58cec0db0f6ef3"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kris Kennaway. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3]. December 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e95d447b50145bf1-3c1344bb-49424645-8c1ca79f-1e0f661019e8ccd008283a3f"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
\[Kerrighan 88\] Kerrighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4986365ef65ca11e-da74480c-4366451d-9256939d-7fffc1fc96eaff48913f871c"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html] (February 2002).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="37271408a7c68869-1b1da8f6-4cd74192-8c5fa550-0ec4207eecea4add58ee5608"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html] (March 2003).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="19c13591d61c4dad-7293e1f2-43e14683-ba56830a-700997e0cf246775104f6b69"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html] (2002).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff540b89544c4c55-fec2e864-44be4d08-a44bb20f-ff72bc690ef6b817c43f244b"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Ray Lai. [_Reading Between the Lines_|http://undeadly.org/cgi?action=article&sid=20061027031811]. OpenBSD Journal. October, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5ba251b0cda5d923-2b9618ae-4056429b-960fbe51-b44b077c0204193c73a88b82"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip] (January 2006).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fde843e3604b815c-5042218e-41f340ef-965aa21a-bd107a471ef336371565434e"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MIRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4f9328dbc95ae186-23b61cc3-4390458f-a12ea241-5b6e490d8e5011f2a36e96b2"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9ae59621b03d4e26-a6af2c75-46b94ce8-8b748d37-2185645e72afb73cbc9200ca"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/] (2006).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="59e040d691214b2c-a2c88696-461a44ef-9ff2a043-82feba964293d2cce653887d"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] Information Technology Laboratory (ITL), oftware
Diagnostics and Conformance Testing Division. September, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b6efb96a905aeef4-312fc214-494041e1-998092d4-355135ecf7cdda663861488b"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm] (1997).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="12b2f724f69034ec-4a5b2faa-4264403f-b9479fdb-199b84756a56440da4843bfb"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] [_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html]. ISBN 0-13-575689-8. May 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="835c0b1f0933e26b-35b6b8ad-4dbb440f-b0329c65-b1841929fb2271bfe08b4cde"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group. "[_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm]." (2004).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2ac9d441e5518e7b-1c001bfe-49c64cb3-babca1d5-81776877347a315426fd7843"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, and Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6fe64687c2d3f5b0-e7f1f42d-4f604329-880797c9-e5caa18d036db302aa0e3bf2"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f67f3d1d88dd15d-b2cafee1-41904e5f-9644b1db-43634d88f5b58f5918cf4dc8"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Dan Saks. [_const T vs.T const_|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]. Embedded Systems Programming. Pg. 13-16. February 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e15b3f4c31533874-d10262fa-4ade4108-9ecfb410-8498b0206d3be30d9d82a82e"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="33ee3983a13849ae-b61324b4-4ba242ed-9072ac69-3b6e5e2e8087aecbe0791e52"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8459d07619f6555c-3a2d9f10-4982409f-853e9a8f-7195274e15491a4652a33769"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, R. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3c261da7c63851a-4ebddec7-4c994f60-9b989b45-bd982b5561bbbc326556c417"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0963e76110074ce8-bdbad10a-4a7f4426-a01ba3bc-5644b2884f28b5feecfb4119"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/] (2005).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="84448a926bdafcfc-c2006016-4bde4d1f-abc8a590-9c01d76de6b1d7e4e984f1de"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] Marco van de Voort. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf]. January 29, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a61cdff262d6809b-1cfa6fc1-49ea49fe-98e5b193-3caf2c1df503fb6aa504135b"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3dea5b7809552128-d563f5ca-4dfa4cdb-8c028d4d-4a3d463a00cfa109449c4f86"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software. (2005)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e96c44b2e1518879-a88f9bd9-462c4e31-8b7ca2c9-12d70e558c320683b756a18d"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_ (2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="954ba22b5cb1b838-bee8fde5-4fa94161-b40fbccf-ec8e8c4f1fa8d19905ff4673"><ac:parameter ac:name="">VU649732<>VU#551436</ac:parameter></ac:structured-macro>
\[VU#649732VU#551436\] GennariGiobbi, JeffRyan. Vulnerability Note [VU#649732VU#551436|http://www.kb.cert.org/vulnotes/id/649732551436], _SambaMozilla AFSFirefox ACLSVG mappingviewer VFSvulnerable plug-into formatbuffer string vulnerabilityoverflow_ (2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="afb2aa8e84f44ac7-1aaa5778-4caf-a716-ee27ca0f64e1"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability_ (2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="70abf10a-bf47-4ad2-87b4-1c20f32270384590-8b96-d5883b1957f3"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability_ (2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="93a5f505e0803892-63501baf-4d59431f-8ae29ebc-993221a415290a0031ac3097"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="290db1c72a1c2ab6-6d4b2c3c-4b3f442f-b5879b69-a218f99f28872b00129361fa"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] David Wheeler. [Secure Programming for Linux and Unix HOWTO, v3.010. |http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.