Secure coding
To avoid some of the most common security problems, keep the following in mind:
- Ensure that illegal (malformed, unacceptable) inputs are discarded silently and that parsing signals an error code to the parsing caller. Every call to a parser should in turn check the returned error value.
- All error codes (for example, from standard library functions) should be checked and handled gracefully. It is acceptable for an application to stop and signal an error, but not acceptable to crash. An application should not signal the problem to the UI, because this may cause a Denial of Service by opening too many UI prompts.
- If an application copies data to a buffer, it should always check data lengths. Use functions that copy explicit data lengths instead of relying on terminating nulls, or use wrappers such as libsafe.
- An application should never use externally supplied data (including environment variables) directly as a format string or as input to system() or shell scripts. The data should be parsed and sanitized first.
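As an added example that is not part of the original page, the following C code shows the length-checked copy, the fixed format string and the "sanitize before the shell" checks from the rules above, each written to return an error code the caller must check; the function names and the allowed character set are assumptions made for this example.

```c
/* Added example, not from the original page: the length-checked copy,
 * fixed format string and "sanitize before the shell" rules from the
 * list above, each as a function that returns an error code. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
enum copy_status { COPY_OK = 0, COPY_ERR_NULL = -1, COPY_ERR_TOOLONG = -2 };

/* Copy exactly src_len bytes and always NUL-terminate; input that would
 * not fit is rejected, not truncated, and src needs no terminator. */
int bounded_copy(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_ERR_NULL;
    if (src_len >= dst_size)            /* leave room for the terminator */
        return COPY_ERR_TOOLONG;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return COPY_OK;
}

/* Embed untrusted text in a message: it is an argument to a fixed "%s"
 * format, never the format string, so "%n" or "%x" in it prints literally.
 * Returns the length written, or -1 on encoding error or truncation. */
int format_message(char *out, size_t out_size, const char *untrusted)
{
    if (out == NULL || untrusted == NULL || out_size == 0)
        return -1;
    int n = snprintf(out, out_size, "user said: %s", untrusted);
    if (n < 0 || (size_t)n >= out_size)
        return -1;
    return n;
}

/* Allowlist check (character set is an assumption for this example): accept
 * only a non-empty value of at most max_len bytes made of [A-Za-z0-9._-], so
 * shell metacharacters are refused before the value can reach system(). */
int is_allowlisted_token(const char *s, size_t max_len)
{
    if (s == NULL)
        return 0;
    size_t i;
    for (i = 0; s[i] != '\0'; i++) {
        unsigned char c = (unsigned char)s[i];
        if (i >= max_len || !(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    return i > 0;                       /* 1 if acceptable, else 0 */
}
```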
Further information
For more information on secure coding, see the following links:
- Secure software design
- Fundamental Practices for Secure Software Development document in SAFECode publications
- Secure Programming for Linux and Unix HOWTO -- Creating Secure Software