SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 61 Next »

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e31800fe-81c0-44d4-9667-2a71abf3347f"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
[Burch 06] Burch, H.; Long, F.; & Seacord, R. Specifications for Managed Strings (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="35ebfec6-cdce-4965-87c8-cfd715ac362a"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
[Callaghan 95] Callaghan, B.; Pawlowski, B.; & Staubach, P. IETF RFC 1813 NFS Version 3 Protocol Specification (June 1995).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="70df5197-f855-4eaf-9b9f-4f61d474067b"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro>
[CERT 06] CERT. Managed String Library (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8d9fd490-4419-4089-bedd-e37e58ab143c"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
[Dewhurst 02] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="958d5f84-36b1-4e3d-af63-8ba8a7821413"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
[Dowd 06] Dowd, M.; McDonald, J.; & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston, MA: Addison-Wesley, 2006. See http://taossa.com for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="24a8fe50-4305-4f9f-a699-c4d76a87665a"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
[Drepper 06] Drepper, Ulrich. Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong). May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b95f30cc-2ac4-4f6c-a997-96ee46579f16"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
[FSF 05] Free Software Foundation. GCC online documentation (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="885f6fbe-67d3-46c9-a212-a208dad55c60"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
[Graff 03] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7e4ee325-a543-45b4-9c2f-a41d0a75f075"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
[Griffiths 06] Griffiths, Andrew. "Clutching at straws: When you can shift the stack pointer." 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="924f7f6c-ac59-4a1d-ad4c-b3cc655812ae"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
[Haddad 05] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." Linux World Magazine, November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fdc5173b-7507-4e35-bad2-95fe7e232a36"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
[Hatton 95] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b58b4698-8ab9-4972-93d4-59e6e45d1efd"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
[HP 03] Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks. Houston, TX: Hewlett-Packard Company, January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="de233320-d76d-4e53-9f54-027ab4bde1ea"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
[ilja 06] ilja. "readlink abuse." ilja's blog, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8afa863b-3e41-4f19-b872-925fc04fb916"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition. Geneva, Switzerland: International Organization for Standardization, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6fd63eff-4699-4b9a-904a-c733414017df"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
[ISO/IEC 03] Rationale for International Standard — Programming Languages — C, Revision 5.10. Geneva, Switzerland: International Organization for Standardization, April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="de449474-0d85-4638-ad66-fda6729ab44d"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
[ISO/IEC TR 24731-2006] ISO/IEC TR 24731. Extensions to the C Library, — Part I: Bounds-checking interfaces. Geneva, Switzerland: International Organization for Standardization, April 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="204392ac-f0ef-49b5-9693-bcf4a45dfb78"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
[Kennaway 00] Kennaway, Kris. Re: /tmp topic (December 2000).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="69a38ba1-8faf-41dd-a495-fdb8dad2c665"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
[Kerrighan 88] Kerrighan, B. W. & Ritchie, D. M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74c36e57-d2d4-4f96-bac0-ed2f3bc9401a"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
[Kettlewell 02] Kettlewell, Richard. C Language Gotchas (February 2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cca92b37-85e2-4eaa-8c84-87a7533c3375"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
[Kettlewell 03] Kettlewell, Richard. Inline Functions In C (March 2003).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a1186808-4c89-4a46-86ee-cb46c761d4dd"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
[Klein 02] Klein, Jack. Bullet Proof Integer Input Using strtol() (2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f088b287-5879-4e69-9225-b59ac4cf74d8"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
[Lai 06] Lai, Ray. "Reading Between the Lines." OpenBSD Journal, October 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="09d3b349-21fe-41ce-a8c9-48afe6803ccd"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
[Lions 96] Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e8c91827-efa4-4dca-9b5c-bc88734c8d43"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
[mercy] mercy. Exploiting Uninitialized Data (January 2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="651e7c81-ccd6-42a2-a914-5a3c68edfae5"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
[MISRA 04] MIRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3afc3962-1d26-438e-b899-09bc5c388f0c"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
[NASA-GB-1740.13] NASA Glenn Research Center, Office of Safety Assurance Technologies. NASA Software Safety Guidebook (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5bae77f7-6bb0-4b33-aee6-e2dded0f64b2"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
[NIST 06] NIST. SAMATE Reference Dataset (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c6611d96-2765-4a18-b52c-0feb2b1de578"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
[NIST 06b] NIST. DRAFT Source Code Analysis Tool Functional Specification. NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="368f0647-d4bc-4378-a3ba-1c206d55d516"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
[Open Group 97] The Open Group. The Single UNIX® Specification, Version 2 (1997).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3d9479ff-1698-4766-80a6-55dd88a98a89"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
[Open Group 97b] The Open Group. Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification (May 1997).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a388b323-e376-4b8e-b02c-100f3b07852c"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
[Open Group 04] The Open Group and the IEEE. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition (2004).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eb67695b-53e7-4f98-8094-442a61e3fdf5"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
[Plum 89] Plum, Thomas, & Saks, Dan. C Programming Guidelines, 2nd ed. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b97f0b32-3d1a-4b63-9982-fde854cfff67"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
[Plum 91] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6f03ebf4-333c-45ae-9351-aec1ce78a224"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
[Saks 99] Saks, Dan. "const T vs.T const." Embedded Systems Programming, February 1999, pp. 13-16.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dee1649a-c36a-47fc-903a-b60611fced85"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ce49fe6b-665c-4fe4-b59e-c0770192c772"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
[Seacord 05a] Seacord, R. Secure Coding in C and C++. Boston, MA: Addison-Wesley, 2005. See http://www.cert.org/books/secure-coding for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="efc14570-096b-4957-9c1e-7031bac09e33"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
[Seacord 05b] Seacord, R. "Managed String Library for C, C/C++." Users Journal 23, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="254d488b-16b6-46f0-9e43-ac26d62da436"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
[Summit 95] Summit, Steve. C Programming FAQs: Frequently Asked Questions. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="36810a96-f25e-43aa-8b8a-f5b2dd2451f9"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
[Summit 05] Summit, Steve. comp.lang.c Frequently Asked Questions (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d6d40dc5-8471-4f10-a398-d24f1452d712"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
[van de Voort 07] van de Voort, Marco. Development Tutorial (a.k.a Build FAQ) (January 29, 2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d2800bd9-75db-435d-92b3-3ce85f885aeb"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
[Viega 03] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bed0a0e3-99a7-4f92-a1e4-e936d4b40beb"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
[Viega 05] Viega, John. CLASP Reference Guide Volume 1.1. Secure Software, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5f97fb3b-4880-4c67-885a-e79d79215bdd"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
[VU#286468] Burch, Hal. Vulnerability Note VU#286468, Ettercap contains a format string error in the "curses_msg()" function (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9507fe44-5b88-4bba-8a00-8825a196e101"><ac:parameter ac:name="">VU#551436</ac:parameter></ac:structured-macro>
[VU#551436] Giobbi, Ryan. Vulnerability Note VU#551436, Mozilla Firefox SVG viewer vulnerable to buffer overflow (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c2e0838c-7b74-4950-82cc-b61b354a67ba"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
[VU#649732] Gennari, Jeff. Vulnerability Note VU#649732, Samba AFS ACL mapping VFS plug-in format string vulnerability (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eb09fd21-d688-4b2a-b70e-65fff56483b0"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
[VU#881872] Manion, Art & Taschner, Chris. Vulnerability Note VU#881872, Sun Solaris telnet authentication bypass vulnerability (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="09100161-2d9d-4972-b7b8-d96c93505020"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
[Warren 02] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="78e90249-fb4e-4073-a868-b60416262993"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
[Wheeler 03] Wheeler, David. Secure Programming for Linux and Unix HOWTO, v3.010 (March 2003).

  • No labels