RE: Research on Source Code Review -C

["Marc Sherman" <msherman () go-eol com>]

Hi Dwar,

Have you looked at the methodology used by the OpenBSD team? I believe they perform exhaustive source code reviews for 
their platform which has given OpenBSD a very good reputation it terms of secure code.

Marc

-----Original Message-----
From: dwar keeper [mailto:dwarkeeper () hotmail com]
Sent: Saturday, June 07, 2003 10:44 AM
To: vuln-dev () securityfocus com
Subject: Research on Source Code Review -C


In-Reply-To: <KFEMINDBKGBEMHACCJHCOEJKCNAA.brett () softwarecreations co nz>

Hi,

 

Am looking to develop source code review guidelines for code written in 

c/c++. I have found a few documents on the net but nothing that could be 

really followed along to do source code review. I also wanted to know what 

people in the field are actually doing and also if they could provide 

first hand experience as to what all they look for and how.

 

Some of the software we write also is used on different flav. of UNIX, 

thus how would that impact on finding such as heap overflows (simply would 

it even be a finding if the software is run on solaris as opposed to linux 

where dl malloc is used and it is actually a heap overflowetc) ? I want to 

try and build and exaustive list of functions and a detailed document of 

what all functions, steps to look at on while  performing a ssource code 

review. 

 

I have started with a list of functions for stack already, they have been 

compiled by looking at most of the pre-existing tools (Flawfinder/RATS 

etc) and am also trying to classify all the different types of flaws that 

could occur. I am sure there are a lot of people on this list who have a 

lot more information, I want to just try to collate it all and in the end 

shall try and post it to the list too so every can gain from this if 

possible.

 

Thanks in advance for all your help.

 

/DK

 

I have some examples here as to what flaws to look for please add more and 

give some description or provide a link, thanks.

 

A) Stack

Problem functions listed in stack_func.txt attached.

 

Ways to stop stack overflows are either use other functions which validate 

the input or disable stack execution ( however if return into libc is 

used, this attack will still be successful for disabled stack execution so 

always use validated functions or compile with safe versions of gcc). 

 

B) Heap

Problems that could arise in the heap due to use of contiguos blocks to 

store data and the first variable overwrites data into the second block. 

The overhead part of  each block, which contains the address of the next 

location to execute could be overwritten and thus /bin/sh could be called 

or something along those lines.

 

Functions that couse cause such problems are  - 

 

Possible solutions using canary values between variables, what else could 

be possible solutions? What are the possible functions on this?

 

 

C) Format string

locating all "F" class of functions and validating the format.

 

D) Off by one

 

 

E) Race Condition

 

 

F) Dead lock 

 

G) Implementations of Malloc and other such tools (I found dl malloc on 

phrack but other implementations on os's like aix / sun any pointers ??)

 

 

Additional vectors

--------------------

1) Integer Overflow (could lead to either stack or heap overflow) -

    - Evaluating the value stored in a integer (store a value greater than 

the maximum value allowed in an integer variable thus causing an integer 

overflow)

        Fix would be to add an additional loop to check for the size of 

the value     

    All possible scenarios they could be used under ?

 

2) Signed Overflow

    Signed overflows occur when a signed variable is interpreted as an 

unsigned variable.

    Fix using the correct 'type' required for the variable.

    What are all the different singed variables that could be mis-

interpreted and used ?

 

Thanks again for all the help.