C和C++安全编码 原书第2版 英文版PDF|Epub|txt|kindle电子书版本网盘下载

C和C++安全编码 原书第2版 英文版PDF格式电子书版下载

注意：本站所有压缩包均有解压码： 点击下载压缩包解压工具

Chapter 1 Running with Scissors1

1.1 Gauging the Threat5

WhatIstheCost?6

Who Is the Threat?8

Software Security11

1.2 Security Concepts12

Security Policy14

Security Flaws14

Vulnerabilities15

Exploits16

Mitigations17

1.3 C and C++17

A Brief History19

What Is the Problem with C?21

Legacy Code24

Other Languages25

1.4 Development Platforms25

Operating Systems26

Compilers26

1.5 Summary27

1.6 Further Reading28

Chapter 2 Strings29

2.1 Character Strings29

StringDataType30

UTF-832

Wide Strings33

String Literals34

Strings in C++36

Character Types37

Sizing Strings39

2.2 Common String Manipulation Errors42

Improperly Bounded String Copies42

Off-by-One Errors47

Null-Termination Errors48

String Truncation49

String Errors without Functions49

2.3 String Vulnerabilities and Exploits50

Tainted Data51

Security Flaw:IsPasswordOK52

Buffer Overflows53

Process Memory Organization54

Stack Management55

Stack Smashing59

Code Injection64

Arc Injection69

Return-Oriented Programming71

2.4 Mitigation Strategies for Strings72

String Handling73

C11 Annex K Bounds-Checking Interfaces73

Dynamic Allocation Functions76

C+++std::basic_string80

Invalidating String Object References81

Other Common Mistakes in basi c_stri ng Usage83

2.5 String-Handling Functions84

gets()84

C9984

C11 Annex K Bounds-Checking Interfaces:gets_s()86

Dynamic Allocation Functions87

strcpy() and strcat()89

C9989

strncpy() and strncat()93

memcpy() and memmove()100

strlen()100

2.6 Runtime Protection Strategies101

Detection and Recovery101

Input Validation102

Object Size Checking102

Visual Studio Compiler-Generated Runtime Checks106

Stack Canaries108

Stack-Smashing Protector(ProPolice)110

Operating System Strategies111

Detection and Recovery111

Nonexecutable Stacks113

W^X113

PaX115

Future Directions116

2.7 Notable Vulnerabilities117

Remote Login117

Kerberos118

2.8 Summary118

2.9 Further Reading120

Chapter 3 Pointer Subterfuge121

3.1 Data Locations122

3.2 Function Pointers123

3.3 Object Pointers124

3.4 Modifying the Instruction Pointer125

3.5 Global Offset Table127

3.6 The.dtors Section129

3.7 Virtual Pointers131

3.8 The atexit() and on_exit() Functions133

3.9 The longjmp() Function134

3.10 Exception Handling136

Structured Exception Handling137

System Default Exception Handling139

3.11 Mitigation Strategies139

Stack Canaries140

W^X140

Encoding and Decoding Function Pointers140

3.12 Summary142

3.13 Further Reading143

Chapter 4 Dynamic Memory Management145

4.1 C Memory Management146

C Standard Memory Management Functions146

Alignment147

alloca() and Variable-Length Arrays149

4.2 Common C Memory Management Errors151

Initialization Errors151

Failing to Check Return Values153

Dereferencing Null or Invalid Pointers155

Referencing Freed Memory156

Freeing Memory Multiple Times157

Memory Leaks158

Zero-Length Allocations159

DR #400161

4.3 C++ Dynamic Memory Management162

Allocation Functions164

Deallocation Functions168

Garbage Collection169

4.4 Common C+++ Memory Management Errors172

Failing to Correctly Check for Allocation Failure172

Improperly Paired Memory Management Functions172

Freeing Memory Multiple Times176

Deallocation Function Throws an Exception179

4.5 Memory Managers180

4.6 Doug Lea's Memory Allocator182

Buffer Overflows on the Heap185

4.7 Double-Free Vulnerabilities191

Writing to Freed Memory195

RtlHeap196

Buffer Overflows(Redux)204

4.8 Mitigation Strategies212

Null Pointers212

Consistent Memory Management Conventions212

phkmalloc213

Randomization215

OpenBSD215

The jemalloc Memory Manager216

Static Analysis217

Runtime Analysis Tools218

4.9 Notable Vulnerabilities222

CVS Buffer Overflow Vulnerability222

Microsoft Data Access Components(MDAC)223

CVS Server Double-Free223

Vulnerabilities in MIT Kerberos 5224

4.10 Summary224

Chapter 5 Integer Security225

5.1 Introduction to Integer Security225

5.2 Integer Data Types226

Unsigned Integer Types227

Wraparound229

Signed Integer Types231

Signed Integer Ranges235

Integer Overflow237

Character Types240

Data Models241

Other Integer Types241

5.3 Integer Conversions246

Converting Integers246

Integer Conversion Rank246

Integer Promotions247

Usual Arithmetic Conversions249

Conversions from Unsigned Integer Types250

Conversions from Signed Integer Types253

Conversion Implications256

5.4 Integer Operations256

Assignment258

Addition260

Subtraction267

Multiplication269

Division and Remainder274

Shifts279

5.5 Integer Vulnerabilities283

Vulnerabilities283

Wraparound283

Conversion and Truncation Errors285

Nonexceptional Integer Logic Errors287

5.6 Mitigation Strategies288

Integer Type Selection289

Abstract Data Types291

Arbitrary-Precision Arithmetic292

Range Checking293

Precondition and Postcondition Testing295

Secure Integer Libraries297

Overflow Detection299

Compiler-Generated Runtime Checks300

Verifiably In-Range Operations301

As-If Infinitely Ranged Integer Model303

Testing and Analysis304

5.7 Summary307

Chapter 6 Formatted Output309

6.1 Variadic Functions310

6.2 Formatted Output Functions313

Format Strings314

GCC318

Visual C+++318

6.3 Exploiting Formatted Output Functions319

Buffer Overflow320

Output Streams321

Crashing a Program321

Viewing Stack Content322

Viewing Memory Content324

Overwriting Memory326

Internationalization331

Wide-Character Format String Vulnerabilities332

6.4 Stack Randomization332

Defeating Stack Randomization332

Writing Addresses in Two Words334

Direct Argument Access335

6.5 Mitigation Strategies337

Exclude User Input from Format Strings338

Dynamic Use of Static Content338

Restricting Bytes Written339

Cll Annex K Bounds-Checking Interfaces340

iost ream versus stdio341

Testing342

Compiler Checks342

Static Taint Analysis343

Modifying the Variadic Function Implementation344

Exec Shield346

FormatGuard346

Static Binary Analysis347

6.6 Notable Vulnerabilities348

Washington University FTP Daemon348

CDE ToolTalk348

Ettercap Version NG-0.7.2 349

6.7 Summary349

6.8 Further Reading351

Chapter 7 Concurrency353

7.1 Multithreading354

7.2 Parallelism355

Data Parallelism357

Task Parallelism359

7.3 Performance Goals359

Amdahl's Law361

7.4 Common Errors362

Race Conditions362

Corrupted Values364

Volatile Objects365

7.5 Mitigation Strategies368

Memory Model368

Synchronization Primitives371

Thread Role Analysis(Research)380

Immutable Data Structures383

Concurrent Code Properties383

7.6 Mitigation Pitfalls384

Deadlock386

Prematurely Releasing a Lock391

Contention392

The ABA Problem393

7.7 Notable Vulnerabilities399

DoS Attacks in Multicore Dynamic Random-Access Memory(DRAM)Systems399

Concurrency Vulnerabilities in System Call Wrappers400

7.8 Summary401

Chapter 8 File I/O403

8.1 File I/O Basics403

File Systems404

Special Files406

8.2 File I/O Interfaces407

Data Streams408

Opening and Closing Files409

POSIX410

File I/O in C+++412

8.3 Access Control413

UNIX File Permissions413

Process Privileges415

Changing Privileges417

Managing Privileges422

Managing Permissions428

8.4 File Identification432

Directory Traversal432

Equivalence Errors435

Symbolic Links437

Canonicalization439

Hard Links442

Device Files445

File Attributes448

8.5 Race Conditions450

Time of Check,Time of Use(TOCTOU)451

Create without Replace453

Exclusive Access456

Shared Directories458

8.6 Mitigation Strategies461

Closing the Race Window462

Eliminating the Race Object467

Controlling Access to the Race Object469

Race Detection Tools471

8.7 Summary472

Chapter 9 Recommended Practices473

9.1 The Security Development Lifecycle474

TSP-Secure477

Planning and Tracking477

Quality Management479

9.2 Security Training480

9.3 Requirements481

Secure Coding Standards481

Security Quality Requirements Engineering483

Use/Misuse Cases485

9.4 Design486

Secure Software Development Principles488

Threat Modeling493

Analyze Attack Surface494

Vulnerabilities in Existing Code495

Secure Wrappers496

Input Validation497

Trust Boundaries498

Blacklisting501

Whitelisting502

Testing503

9.5 Implementation503

Compiler Security Features503

As-If Infinitely Ranged(AIR)Integer Model505

Safe-Secure C/C+++505

Static Analysis506

Source Code Analysis Laboratory(SCALe)510

Defense in Depth511

9.6 Verification512

Static Analysis512

Penetration Testing513

Fuzz Testing513

Code Audits515

Developer Guidelines and Checklists516

Independent Security Review516

Attack Surface Review517

9.7 Summary518

9.8 Further Reading518

References519

Acronyms539

Index545