SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 58 Next »

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e1f6bd14-434f-459f-aa9d-358c7f4c6f90"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
[Burch 06] Burch, H.; Long, F.; & Seacord, R. Specifications for Managed Strings (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ed96bf86-e53e-4bad-88f9-fede0c437708"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
[Callaghan 95] B. Callaghan, B. Pawlowski, P. Staubach. IETF RFC 1813 NFS Version 3 Protocol Specification. June 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a7675b2e-5166-45ce-93ab-a2a32ea9c5d4"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro>
[CERT 06] CERT. Managed String Library (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ad09b5ea-4f18-4c24-a330-66a2b09698cc"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
[Dewhurst 02] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e5e12b0-8681-4e10-b472-2e8ecd7116b5"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
[Dowd 06] Dowd, M.; McDonald, J.; & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston, MA: Addison-Wesley, 2006. See http://taossa.com for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="57949833-fdcc-4842-90e8-3dd29d09dfca"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
[Drepper 06] Drepper, Ulrich. Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong). May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="29ecf0c5-1cda-4119-bacb-36e456f6c1b0"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
[FSF 05] Free Software Foundation. GCC online documentation. (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7af6b7fb-53f0-4c70-a4e9-86f21867d2bf"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
[Graff 03] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4b13423b-8a29-4bbd-8172-e05f7089401c"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
[Griffiths 06] Griffiths, Andrew. "Clutching at straws: When you can shift the stack pointer." 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f78b1312-0211-4ef0-ae57-a601d1f7a65a"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
[Haddad 05] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." Linux World Magazine, November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bbf1b932-9f04-4884-ae89-f980693320e4"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
[Hatton 95] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7b576757-8b33-4fcd-ac0f-ab781d6cccbd"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
[HP 03] Tru64 UNIX Protecting Your System Against File Name Spoofing Attacks. January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0c6a77a8-d5e9-418a-b081-a71dba9b4f74"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
[ilja 06] ilja. "readlink abuse." ilja's blog, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7b38e11b-adc0-4e43-a025-44a64857d4d7"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5772a2a2-8ccd-4818-930d-1a3bb9faa25b"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
[ISO/IEC 03] Rationale for International Standard?Programming Languages?C Revision 5.10. April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5556e9a9-6ad8-4fcd-bab6-dad265686d58"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
[ISO/IEC TR 24731-2006] ISO/IEC TR 24731. Extensions to the C Library, — Part I: Bounds-checking interfaces. April, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="141f362c-b28a-4239-9ac6-7918a8960648"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
[Kennaway 00] Kris Kennaway. Re: /tmp topic. December 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3b1f5dd7-f096-41f3-8f14-9b771f9d6122"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
[Kerrighan 88] Kerrighan, B. W. & Ritchie, D. M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="90b4312d-0d5d-4cee-ac5d-4b8935d60612"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
[Kettlewell 02] Kettlewell, Richard. C Language Gotchas (February 2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1a364833-ba63-431c-83c1-6c702e18eb0e"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
[Kettlewell 03] Kettlewell, Richard. Inline Functions In C (March 2003).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="398a2f12-4d34-4bb9-aedd-e02a801a7ce3"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
[Klein 02] Klein, Jack. Bullet Proof Integer Input Using strtol() (2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bd336a93-1601-4bf2-892d-2f851835f743"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
[Lai 06] Ray Lai. Reading Between the Lines. OpenBSD Journal. October, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7747cfc2-db81-460a-84e3-2238f797c188"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
[mercy] mercy. Exploiting Uninitialized Data (January 2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1823c8bd-56c4-49cb-b7ea-e4e839c0c545"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
[MISRA 04] MIRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5a872d31-f32f-40e3-85f7-d5549d3be593"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
[NASA-GB-1740.13] NASA Glenn Research Center, Office of Safety Assurance Technologies. NASA Software Safety Guidebook (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="84886dfa-2f5b-429c-92a1-cda3f91f8beb"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
[NIST 06] NIST. SAMATE Reference Dataset (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="23e79455-d19c-4dc3-9f12-62e9cbcf66d5"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
[NIST 06b] NIST. DRAFT Source Code Analysis Tool Functional Specification. Information Technology Laboratory (ITL), oftware
Diagnostics and Conformance Testing Division. September, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4cf7fd23-eb02-423d-9dc4-c6c86f4d1475"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
[Open Group 97] The Open Group. The Single UNIX® Specification, Version 2 (1997).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e62e829b-ca52-4736-8495-40bc9cd19af0"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
[Open Group 97b] Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification. ISBN 0-13-575689-8. May 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bdbbbf94-ff2c-4bad-826a-b1e9b0136cc3"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
[Open Group 04] The Open Group. "The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition." (2004).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2e83d82c-071f-4513-b2a6-81a0866cdf48"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
[Plum 89] Plum, Thomas, and Saks, Dan. C Programming Guidelines, 2nd ed. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb9043b4-7df3-418d-92cd-62b78098a543"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
[Plum 91] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e5711521-f3c0-474d-873c-12a2665e34e8"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
[Saks 99] Dan Saks. const T vs.T const. Embedded Systems Programming. Pg. 13-16. February 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aa51f79c-9890-4bd8-90af-17704ed8f1fe"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="28095e45-18e9-44bf-b518-b353a67bb853"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
[Seacord 05a] Seacord, R. Secure Coding in C and C++. Boston, MA: Addison-Wesley, 2005. See http://www.cert.org/books/secure-coding for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="daa39c03-45ff-4ed2-9b02-e4e6205103c5"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
[Seacord 05b] Seacord, R. "Managed String Library for C, C/C++." Users Journal 23, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="554d651f-44cc-4179-a613-3ead13b79331"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
[Summit 95] Summit, Steve. C Programming FAQs: Frequently Asked Questions. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f9f9362c-ac21-48ca-bf55-27d010270173"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
[Summit 05] Summit, Steve. comp.lang.c Frequently Asked Questions (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="90b93184-516a-4d17-9b4a-c05578a2b2d2"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
[van de Voort 07] Marco van de Voort. Development Tutorial (a.k.a Build FAQ). January 29, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="42c9336e-5617-4879-a925-95011f25355e"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
[Viega 03] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e599c16-bdec-4d6e-b29b-faeb27eeb10f"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
[Viega 05] Viega, John. CLASP Reference Guide Volume 1.1. Secure Software. (2005)

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d043e454-e7d7-4c10-834c-474744e98bde"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
[VU#286468] Burch, Hal. Vulnerability Note VU#286468, Ettercap contains a format string error in the "curses_msg()" function (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4373b29c-8f4f-4d1e-9a25-910b30bbc02d"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
[VU#649732] Gennari, Jeff. Vulnerability Note VU#649732, Samba AFS ACL mapping VFS plug-in format string vulnerability (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b3813dca-6ae1-4b6c-b5f8-3d3d42f87031"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
[VU#881872] Manion, Art & Taschner, Chris. Vulnerability Note VU#881872, Sun Solaris telnet authentication bypass vulnerability (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7fedf8f3-f542-432c-8350-0b6e6f36b60a"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
[Warren 02] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ee8e06ce-f010-4159-8f6f-9270de9fd880"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
[Wheeler 03] David Wheeler. Secure Programming for Linux and Unix HOWTO, v3.010. , March 2003.

  • No labels