By Richard Lindberg, aka RiBiNiN, CastleCops Staff Writer
September 6, 2006
Last time, I confessed to being the source of all the security problems with computers. That was a mistake. Criminals apparently read the Castle Cops front page. There are now articles being written like Attackers pass on operating systems and Attackers pass on OS, aim for drivers and apps.
I seem to have made matters worse. I’m sorry. I am trying to make amends by how I write programs now. In addition, Websplasher is a sponsor of the upcoming Security Opus conference in San Francisco. There will be some great speakers, including the keynote by Simple Nomad.
Have you ever taken a class in a “temporary” classroom? You know, where they parked a trailer near the school while they built the classrooms they needed? That happened how many years ago?
The same thing happens in programming. We throw in some code, fully intending to go back and make it right, and somehow never get around to doing it. Temporary, buggy code becomes permanent.
Do not write any code that you wouldn’t like to see in a PowerPoint presentation. Picture everybody you know professionally seeing your code. It is the same principle as putting on clean underwear in case you are taken to a hospital. Make your potential shame work for you.
Do not leave any code improperly indented. Calling it “Pretty Print” makes spacing and indentation sound insignificant. In fact, it is extremely important. The brain will often interpret logic from the indentation instead of from the code.
I know this sounds like the opening remarks in Computer Science 101 and all the students are thinking, “Yeah, yeah, when are we going to code?” Right now!

#include <stdio.h>
#include <string.h>

int main(int argc, char* argv[])
{
01     char Message[64];
02     char * pMessage=Message;
03     strcpy(pMessage,argv[1]);
04     strcat(pMessage," ");
05     strcat(pMessage,argv[2]);
06     strcat(pMessage,"\n");
07     printf(pMessage);
08     return 0;
}

This is a basic “hello world” program written in C. I added the line numbers for convenient reference.
This program allows you to enter any two words on the command line and have them display on the console. Line 01 sets up a space 64 characters long, plenty of space for any two words I can think of. Line 02 gives us a pointer to the space that we can use to work with it. Line 03 takes the first word and moves it to the message. Line 04 adds a space to go between the words. Line 05 places the second word after the space. Line 06 completes the string with a newline character, and line 07 prints it.
If the person using the program enters Castle01 Hello world on the command line, it works fine. Leave off one of the words and it blows up: argv[2] is then a null pointer, and strcat on line 05 dereferences it. If the two words together are longer than 61 characters, they no longer fit either, because the space, the newline and the terminating NUL need three of the 64 bytes. The copy then runs past the end of Message onto whatever the compiler placed after it on the stack. Sometimes the program abends, sometimes it appears to work, and either way it is vulnerable to being taken control of by someone who chooses the overflowing bytes carefully.
Is this example too contrived? I don’t think so. Accepting that parameters are correct is a very common practice. Never trust input.
Adding some parameter checking helps:

#include <stdio.h>
#include <string.h>

#define MessageLENGTH 64

/* Prototype, so main can call the function defined below it. */
void MainNormalProcessing(char * cWordOne, char * cWordTwo);

int main(int argc, char* argv[])
{
    if (argc==3)
    {
        /* The 2 is the space between the words and the trailing newline. */
        if ((strlen(argv[1]) + strlen(argv[2])) < MessageLENGTH-2)
        {
            MainNormalProcessing(argv[1],argv[2]);
            return 0;
        }
        else
        {
            printf("The parameters are too long\n");
            return 1;
        }
    }
    else
    {
        printf("This program needs 2 parameters\n");
        return 1;
    }
}

void MainNormalProcessing(char * cWordOne, char * cWordTwo)
{
    char Message[MessageLENGTH+1];   /* +1 leaves room for the terminating NUL */
    char * pMessage=Message;
    memset(pMessage,'\x0',MessageLENGTH+1);
    strcpy(pMessage,cWordOne);
    strcat(pMessage," ");
    strcat(pMessage,cWordTwo);
    strcat(pMessage,"\n");
    printf(pMessage);
    return;
}
Did I miss anything? What is the error that will likely be introduced the first time the output message is changed? E-mail: RiBiNiN@CastleCops.com Hint: put CCPS in the subject line so I know it’s not spam.
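As an added example, not the column's own code, here is the same two-word message built the way I would want to see it in that PowerPoint slide. It serves both programs above: the buffer is the original 64 bytes, but the size check is computed from the real output by snprintf rather than from a hand-counted 2 that has to be kept in step with the decorations, and the user's words are passed to printf-family functions only as %s arguments, never as the format itself. The names build_message, demo_case and MSG_BUF are assumptions for this example; the word lengths in demo_case are constructed test input.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not code from the original column. Same 64-byte
 * buffer as Message[64] above; the names here are assumptions. */
#define MSG_BUF 64

/* Builds "<w1> <w2>\n" into out, whose capacity is cap bytes including
 * the terminating NUL. Returns the length written, or -1 if the
 * message would not fit. snprintf never writes more than cap bytes and
 * always NUL-terminates when cap > 0; its return value is the length the
 * complete string would have had, which is what we compare against cap.
 * If the decorations change, the check changes with them automatically. */
int build_message(char *out, size_t cap, const char *w1, const char *w2)
{
    int needed;

    if (out == NULL || cap == 0 || w1 == NULL || w2 == NULL)
        return -1;

    /* User data goes in as %s arguments; the format is a fixed literal. */
    needed = snprintf(out, cap, "%s %s\n", w1, w2);
    if (needed < 0 || (size_t)needed >= cap) {
        out[0] = '\0';          /* do not hand back a truncated message */
        return -1;
    }
    return needed;
}

/* Constructed test input: two words of the given lengths (one of 'a's,
 * one of 'b's, at most 127 each) run through build_message with a
 * MSG_BUF-byte buffer. Returns the length written, or -1 if rejected. */
int demo_case(size_t len1, size_t len2)
{
    char w1[128], w2[128], out[MSG_BUF];

    if (len1 >= sizeof w1 || len2 >= sizeof w2)
        return -1;
    memset(w1, 'a', len1);
    w1[len1] = '\0';
    memset(w2, 'b', len2);
    w2[len2] = '\0';
    return build_message(out, sizeof out, w1, w2);
}

int main(int argc, char *argv[])
{
    char message[MSG_BUF];

    if (argc != 3) {
        fputs("This program needs 2 parameters\n", stderr);
        return 1;
    }
    if (build_message(message, sizeof message, argv[1], argv[2]) < 0) {
        fputs("The parameters are too long\n", stderr);
        return 1;
    }
    /* The finished buffer is printed as data, not as a format string. */
    fputs(message, stdout);
    return 0;
}
```

With a 64-byte buffer, two words totalling 61 characters still fit (61 + space + newline + NUL = 64 bytes) and two totalling 62 are rejected, which is exactly the boundary the first program overruns. Because the check is derived from the string snprintf actually produces, adding text to the message later cannot reintroduce the overflow; the worst case is a rejected input.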