SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 56

changes.mady.by.user Pamela Curtis

Saved on

compared with

New Version 57

changes.mady.by.user Pamela Curtis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="04c62a969346a23f-d9e7eaea-44984a93-9091bfa4-a98792614a2c2f135c15cbca"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H.; Long, F.; & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0aed6c292a116d12-56d2c89c-41f64043-bf288ea9-af4f2ab4bb1786192fbc9093"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] B. Callaghan, B. Pawlowski, P. Staubach. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt]. June 1995.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8b4f6e8a816b1f05-02559881-4bfe49be-98dfb9b1-1f9f26404338747dc7937112"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro>
\[CERT 06\] CERT. [Managed String Library|http://www.cert.org/secure-coding/managedstring.html] (2006).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cabdcd0dfa9724c6-e4dfa316-48614a8a-ae06a93b-275a5c380239daf0f509854c"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="355018b39f8bca7c-b71b8122-4cab402f-8bac98ed-1b08fbf316b26ce4e8eb0ed9"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M.; McDonald, J.; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="288ca2eb3766aa13-2d7580b8-42934c67-8a77a50d-55cbe608da78ac25fb69384f"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong).|http://people.redhat.com/drepper/defprogramming.pdf] May 3, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ad4c7da69907f316-aba43ecc-4c504059-8e449910-f8e353597970c3787d9e5d19"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation.|http://gcc.gnu.org/onlinedocs] (2005).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a9ba7e02191eb0c0-0a894ac4-429f4d4f-acd998de-608c20c6f14f6d53371fe034"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c026f5cd9a3cb819-12df4704-486f402a-80a9bb39-7837919cd6bf2eb9d7e9ab44"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d929ec5184ebca9e-13cc1f0c-47bb410b-a88faa41-6ee5615957267fc29b4b3269"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ea1c48dd403d828e-73bcbe53-4f014c93-a6cd8c4a-9d49b6de370d035f0dba505a"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d08b35a08a5de621-5fed9c88-4f01417c-815d9829-ebe95b216827eb7a25a88e43"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. January 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b379fe51e88a33c1-056cd696-454844b5-acd6b93d-06d61213ca3dfdca6ab60a82"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="21908ecd8d318c1b-267d1fd3-4fd141b3-b0199474-4638bbdf399c1047db06d6c7"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899-1999\] ISO/IEC 9899-1999. _Programming Languages --- C, Second Edition_, 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb686cc233aa638b-346faed7-499049a7-827b9c6a-50f87489b61ccac8427d1374"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] [Rationale for International Standard?Programming Languages?C Revision 5.10|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. April 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="45974641f61f1ebd-30ab78b9-436f483e-a6cb89a1-8aad6c49ae861e120b599c46"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-2006\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. April, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="10f2a700d6fe383c-4d2ead02-4afa49e5-a882b3dc-fb231430c55e18a5f4c024dd"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kris Kennaway. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3]. December 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e0c309fc2eaf64e8-555bcc7b-46bb4bf4-a382a9e9-bafa418d73f83de345878fe7"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
\[Kerrighan 88\] Kerrighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="89d3326814503165-bc8858c0-48724d80-b6e1b40e-3b41fe118156ca142ed66ca2"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html] (February 2002).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="503b58519177033f-877a4c4d-48f94225-a0a099fa-a39de1176669f42232327b76"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html] (March 2003).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="84727729751a7c6d-99ffd530-4bbd4f6c-9566ba9f-68ca86202fa30d0f4a6f1730"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html] (2002).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aaf259895d9028cc-bf9c677d-4c60423d-ad579b18-3ffa17c954e21ca4833a286f"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Ray Lai. [_Reading Between the Lines_|http://undeadly.org/cgi?action=article&sid=20061027031811]. OpenBSD Journal. October, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a36d5ea8aeda85d3-8647f6eb-472d4476-8ec4847c-c4cd0faff75b3799e085c067"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip] (January 2006).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="98f212a6b68d5a8f-aa8e9c80-43204e0e-b5839e01-68799f5b8ddf7f42b85d6e60"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MIRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bb0d8d9b0b35ca20-4149a7ff-40404b1c-a3fabe26-1f2847f6513d432a0f759ef8"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e0bf9b93336c4fc-d61caf79-46364ec9-aaef901c-73f509ff76f5d6666c195da5"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/] (2006).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7d453731388c11ae-4810751f-44da4c73-a150941a-5c39b1557cf5f6f5d02e004f"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] Information Technology Laboratory (ITL), oftware
Diagnostics and Conformance Testing Division. September, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e7bce19b95cc8077-ab43456b-402e4e24-ad718e14-061032b6a900559e997790eb"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm] (1997).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b6a3866a4811672a-272332d6-400b424c-b43fa848-64409b86d721d9cfc62bb8c1"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group. "[_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm]." (2004).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="71d3b3bf7e145986-96a5472c-4aa64350-aa5fa5bd-0599bfd6d5429d1d44ac5af5"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, and Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="46255b511127e884-9d5dd52a-4eb34c52-98799c39-a5fb120751b8af2d6c80eef2"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c40539dd4bba9baa-2d05bfa2-40b84a3e-a1e680f8-481e764be88824c3907d574a"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Dan Saks. [_const T vs.T const_|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]. Embedded Systems Programming. Pg. 13-16. February 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6acf91e07b83bd00-f5238cd8-4bbb43bc-b86884cc-26fd905f8cee45d263dd5d88"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6fcd2bd4be38e3e2-ac30a267-41a94ef1-9b33a3a4-5000e49def570ff3f42a3c5d"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3a459029a5c7540f-159f8d3c-454742c1-b9598404-bc2c4fbfe78f362c3b70a3bc"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, R. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cc2efc20657935f7-dcf3ed8d-4d194d74-ad0baf17-016bcae4a5c93c103622078b"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e8e76e018aa96c1-939325a6-438b4029-99b4b205-70d7aaf1b80cc76e98353e3a"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/] (2005).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fced7222b423de48-f9ce19d5-459947be-b7deb1f1-b0385261ca9c48529a66a8c2"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8844ae49fe85d00b-49d6bd1f-47204ca8-b3f2bfc0-19e64da651820787a9c1e96b"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software. (2005)

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e92418672b0c097e-164bb86b-4fbc4485-ae4482ed-a56e2bb9bbc66a01d950a0ca"><ac:parameter ac:name="">VU881872<>VU286468</ac:parameter></ac:structured-macro>
\[VU#881872VU#286468\] ManionBurch, Art & Taschner, ChrisHal. Vulnerability Note [VU#881872VU#286468|http://www.kb.cert.org/vulnotes/id/881872286468], _Sun Solaris telnet authentication bypass vulnerabilityEttercap contains a format string error in the "curses_msg()" function_ (2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="78e12d78a6c9d38b-f697-4549-b1fc-0209da5872b2"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability_ (2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0c89775c-b479-4c09-815f-dc67d10588b4"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability_ (2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f088801-14d6-4e84-95fb-1014d490b498983c-4bea-9e0c-ff4e1defcf22"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e2cec346a0ace080-e98a5b20-48514b18-8481bc76-29d06b13dc61545f3bef5c94"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] David Wheeler. [Secure Programming for Linux and Unix HOWTO, v3.010. |http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.