Insecure Processing of Data
This category covers the following issues:
Buffer Overflows
Why is this important?
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code.
Fixing Buffer Overflows
Option A: Use secure alternatives
The following functions are prone to buffer overflows and have to be avoided:
| Functions | Functions | Functions | Functions |
|---|---|---|---|
| StrCat* | g_get_home_dir | lstrcat | strtrns |
| StrCpy* | g_get_tmp_dir | curl_getenv | swprintf |
| StrNCat* | getenv | lstrcpy* | vsprintf |
| _tccat | getopt* | scanf | vscanf |
| _tccpy | getpw | sprintf | wcscat |
| _*tscanf | gets | sscanf | wcscpy |
| _*stprintf | getwd | strCatBuff | wscanf |
| _mb*cpy | realpath | strcat | streadd |
| _mb*cat | f*scanf | str*cpy | _getts |
Follow the steps below:
- Go through the issues that GuardRails identified in the PR.
- Look for functions from the table above, such as this:

```c
#include <string.h>

void manipulate_string(char* string){
    char buf[24];
    strcpy(buf, string); /* no bounds check: input longer than 23 bytes overflows buf */
}
```
- And use safe alternatives that check the buffer bounds, like:

```c
#include <string.h> /* strlcpy: BSD, macOS, and glibc 2.38+ */

void manipulate_string(char* string){
    char buf[24];
    strlcpy(buf, string, sizeof(buf)); /* copies at most 23 bytes and always NUL-terminates */
}
```
- Test it
- Ship it 🚢 and relax 🌴
Format Strings
Why is this important?
Functions that process format strings can be exploited when user-submitted input is interpreted by the application as the format string itself rather than as data. In this way, an attacker could execute code, read the stack, or cause a segmentation fault in the running application, producing new behaviors that could compromise the security or the stability of the system.
Fixing Insecure Format Strings
Option A: Use format string functions securely
The following function patterns are prone to format string attacks:
- *printf*
- syslog
Follow the steps below:
- Go through the issues that GuardRails identified in the PR.
- Look for function patterns like those above, such as this:

```c
#include <stdio.h>

int main(int argc, char **argv){
    char buf[128];
    if (argc < 2) return 1;
    snprintf(buf, 128, argv[1]); /* argv[1] is used as the format string: vulnerable */
    return 0;
}
```
- Ensure that all format string functions are passed a static string which cannot be controlled by the user, and that the proper number of arguments is always sent to that function as well. If at all possible, use functions that do not support the `%n` operator in format strings.
- Test it
- Ship it 🚢 and relax 🌴
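The vulnerable call from the step above beside its fixed form, plus a small check for stray conversion directives, as an added example that is not GuardRails' own code; the function names, the buffer size and the sample inputs are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 128 /* constructed size for the example */

/* BEFORE: user input becomes the format string. "%x" reads the stack and
 * "%n" writes to memory. Kept only to show the shape the scanner flags;
 * main() below never calls it. */
int format_unsafe(char *buf, size_t len, const char *user_input) {
    return snprintf(buf, len, user_input); /* format string is not static */
}

/* AFTER: the format string is a literal and user input is only ever a "%s"
 * argument, so any directives inside it are copied as plain characters. */
int format_safe(char *buf, size_t len, const char *user_input) {
    return snprintf(buf, len, "%s", user_input);
}

/* Review helper: returns 1 if a string carries any conversion directive,
 * i.e. a '%' not immediately followed by another '%'. Useful for checking
 * that a value about to be passed as a format really is a plain literal. */
int has_format_directive(const char *s) {
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; } /* "%%" is a literal percent sign */
        return 1;
    }
    return 0;
}

int main(int argc, char **argv) {
    char buf[BUF_LEN];
    if (argc < 2) return 1;
    format_safe(buf, sizeof buf, argv[1]); /* directives in argv[1] stay inert */
    puts(buf);
    return 0;
}
```

Running the program with an argument such as `%x%x%n` prints the argument back literally instead of reading or writing memory.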