Best Practices for Secure Programming

Memory management

• Mainly a C problem

• Free all malloced memory, eventually.

• Beware of freeing memory twice.

• Use the strl* functions

• Consider using #defines for string/buffer sizes

• Integer overflows (yikes!)

• Even in languages with dynamic buffers, they still use system calls.
  Care is needed when passing strings to system calls

• NEW! Format bugs
  • All format routines should have a developer supplied format string:

    Bad:

                read(fd, buf, sizeof(buf));
                syslog(buf);
                

    Good:

                read(fd, buf, sizeof(buf));
                sanitize(buf);
                syslog("%s", buf);
                

  ---