Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
RE: Research on Source Code Review -C
From: Marc Sherman (mshermango-eol.com)
Date: Wed Jun 11 2003 - 08:01:27 CDT
Have you looked at the methodology used by the OpenBSD team? I believe they perform exhaustive source code reviews for their platform which has given OpenBSD a very good reputation it terms of secure code.
From: dwar keeper [mailto:dwarkeeperhotmail.com]
Sent: Saturday, June 07, 2003 10:44 AM
Subject: Research on Source Code Review -C
Am looking to develop source code review guidelines for code written in
c/c++. I have found a few documents on the net but nothing that could be
really followed along to do source code review. I also wanted to know what
people in the field are actually doing and also if they could provide
first hand experience as to what all they look for and how.
Some of the software we write also is used on different flav. of UNIX,
thus how would that impact on finding such as heap overflows (simply would
it even be a finding if the software is run on solaris as opposed to linux
where dl malloc is used and it is actually a heap overflowetc) ? I want to
try and build and exaustive list of functions and a detailed document of
what all functions, steps to look at on while performing a ssource code
I have started with a list of functions for stack already, they have been
compiled by looking at most of the pre-existing tools (Flawfinder/RATS
etc) and am also trying to classify all the different types of flaws that
could occur. I am sure there are a lot of people on this list who have a
lot more information, I want to just try to collate it all and in the end
shall try and post it to the list too so every can gain from this if
Thanks in advance for all your help.
I have some examples here as to what flaws to look for please add more and
give some description or provide a link, thanks.
Problem functions listed in stack_func.txt attached.
Ways to stop stack overflows are either use other functions which validate
the input or disable stack execution ( however if return into libc is
used, this attack will still be successful for disabled stack execution so
always use validated functions or compile with safe versions of gcc).
Problems that could arise in the heap due to use of contiguos blocks to
store data and the first variable overwrites data into the second block.
The overhead part of each block, which contains the address of the next
location to execute could be overwritten and thus /bin/sh could be called
or something along those lines.
Functions that couse cause such problems are -
Possible solutions using canary values between variables, what else could
be possible solutions? What are the possible functions on this?
C) Format string
locating all "F" class of functions and validating the format.
D) Off by one
E) Race Condition
F) Dead lock
G) Implementations of Malloc and other such tools (I found dl malloc on
phrack but other implementations on os's like aix / sun any pointers ??)
1) Integer Overflow (could lead to either stack or heap overflow) -
- Evaluating the value stored in a integer (store a value greater than
the maximum value allowed in an integer variable thus causing an integer
Fix would be to add an additional loop to check for the size of
All possible scenarios they could be used under ?
2) Signed Overflow
Signed overflows occur when a signed variable is interpreted as an
Fix using the correct 'type' required for the variable.
What are all the different singed variables that could be mis-
interpreted and used ?
Thanks again for all the help.