Revision as of 17:22, 27 August 2018 edit 145.132.78.225 (talk) and more ← Previous edit		Revision as of 12:20, 27 October 2018 edit undo Jhertel (talk \| contribs) Extended confirmed users 4,574 edits →Integer-overflow prevention: Attempt to rewrite section which in its totality didn't make sense before. Also made clear that the language is C++; other languages might limit the size of an "unsigned int" only to available system memory and/or throw an exception on overflow, in which case this problem doesn't exist in that language. Comparison to MAX also changed from < to <=, as the name MAX (="maximum") implies that the value MAX is a valid value. Tag: Visual edit Next edit →
Line 11: [[Buffer overflow]]s, a common software security vulnerability, happen when a process tries to store data beyond a fixed-length buffer. For example, if there are 8 slots to store items in, there will be a problem if there is an attempt to store 9 items. In computer memory the overflowed data may overwrite data in the next ___location which can result in a security vulnerability (stack smashing) or program termination (segmentation fault).<ref name="bss2001"/> An example of a [[C (programming language)\|C]] program prone to a buffer overflow is<syntaxhighlight lang="c++"> int vulnerable_function(char * large_user_input) { char dst[SMALL]; Line 49: [[Integer overflow]] occurs when an arithmetic operation results in an integer too large to be represented within the available space. A program which does not properly check for integer overflow introduces potential software bugs and exploits. Below is a ~~program~~function in [[C++]] which ~~checks~~attempts ~~for~~to ~~overflow~~confirm ~~by confirming~~that the sum ~~is greater than or equal to~~of x and y. Ifis ~~the~~less ~~sum~~than ~~did~~or ~~overflow,~~equal ~~the~~to ~~sum~~a ~~would~~defined bevalue ~~less than x or less than y.~~MAX: <syntaxhighlight lang="c++"> bool ~~isValid~~sumIsValid_flawed(unsigned int x, unsigned int y) { unsigned int sum = x + y; return sum <= MAX; } </syntaxhighlight> The problem with the code is it does not check for integer overflow on the addition operation. If the sum of x and y is greater than the maximum possible value of an <code>unsigned int</code>, the addition operation will overflow and perhaps<!-- Note that an overflow will not always result in the calculated sum being less than MAX; MAX might be relatively small and both x and y relatively big, so even an overflow might still be greater than MAX. Example: x=y=UINT_MAX, MAX=1000000. --> result in a value less than or equal to MAX, even though the sum of x and y is greater than MAX. If the sum of x and y are less than the defined MAX, the program will return true, otherwise isValid will return false. The problem with the code is it does not check for integer overflow on the addition operation. If the sum of x and y is greater than the available space to store the integer, the integer will overflow and “roll over” to a value less than MAX. Below is a program which checks for overflow by confirming the sum is greater than or equal to both x and y. If the sum did overflow, the sum would be less than x or less than y. <syntaxhighlight lang="c++"> bool ~~isValid~~sumIsValid_secure(unsigned int x, unsigned int y) { unsigned int sum = x + y; return sum >= x && sum >= y && sum <= MAX; } </syntaxhighlight>

Secure coding: Difference between revisions