\[Burch 06\] Burch, H.; Long, F.; & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

\[Callaghan 95\] B. Callaghan, B. Pawlowski, P. Staubach. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt]. June 1995.

\[CERT 06\] CERT. [Managed String Library|http://www.cert.org/secure-coding/managedstring.html] (2006).

\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

\[Dowd 06\] Dowd, M.; McDonald, J.; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong).|http://people.redhat.com/drepper/defprogramming.pdf] May 3, 2006.

\[FSF 05\] Free Software Foundation. [GCC online documentation.|http://gcc.gnu.org/onlinedocs] (2005).

\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."

\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November, 2005.

\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

\[HP 03\] [Tru64 UNIX Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. January 2003.

\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

\[ISO/IEC 9899-1999\] ISO/IEC 9899-1999. _Programming Languages --- C, Second Edition_, 1999.

\[ISO/IEC TR 24731-2006\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. April, 2006.

\[Kennaway 00\] Kris Kennaway. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3]. December 2000.

\[Kerrighan 88\] Kernighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html] (February 2002).

\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html] (March 2003).

\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html] (2002).

\[Lai 06\] Ray Lai. [_Reading Between the Lines_|http://undeadly.org/cgi?action=article&sid=20061027031811]. OpenBSD Journal. October, 2006.

\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip] (January 2006).

\[MISRA 04\] MIRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/] (2006).

\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification|http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf]. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division. September, 2006.

\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm] (1997).

\[Open Group 04\] The Open Group. "[_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm]." (2004).

\[Plum 89\] Plum, Thomas, and Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

\[Saks 99\] Dan Saks. [_const T vs. T const_|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]. Embedded Systems Programming. Pg. 13-16. February 1999.

\[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

\[Seacord 05b\] Seacord, R. "Managed String Library for C, C/C+\+." _Users Journal_ _23_, 10 (October 2005): 30-34.

\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/] (2005).

\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software. (2005).

\[Warren 02\] Warren, Henry S. _Hacker's Delight_. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).

\[Wheeler 03\] David Wheeler. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.