Breaking the code (application attacks)


When you are going to write software that is going to be used by lots of people, you need to make sure you test it properly for security-related bugs. Here are some things you should keep in mind when you are coding in C or C++.

1) Buffer Overflow: this is the favourite topic of any exploit writer. From a wannabe to an expert, the first thing a malicious user tries is exploiting a boundary condition in a buffer. This has been discussed many times and some good references are available on it, but I just want to go over it again in short:
****start of coding****
    #include <stdio.h>

    void overflow(void);

    int main(void)
    {
        overflow();
        return 0;
    }

    void overflow(void)
    {
        char name[8];
        printf("enter the name");
        scanf("%s", name);   /* no length limit: input longer than 7 characters overflows name */
    }

As you will figure out, this is buggy code: there is no check on the input, so someone can easily misuse it. We will discuss how to exploit this some time later, but to correct it you can simply rewrite the overflow function as follows (this is a stupid workaround):
    void overflow(void)
    {
        char *name = malloc(8);   /* heap buffer; room for 7 characters plus '\0' */
        if (name == NULL)
            return;
        printf("enter the name");
        scanf("%7s", name);       /* width limit stops scanf after 7 characters */
        free(name);
    }

2) Heap Overflow: this is another type of attack that can be exploited in your software. I just want to discuss it very briefly; I will write a more detailed post on it.
When we run a program it is allocated a default memory space which we call the heap. Now, when a program uses functions like malloc or calloc or anything else, say like this:
    char *name;
    name = (char *)malloc(sizeof(char) * 8);   /* 8-byte block on the heap */
Now name is 8 bytes long, and if you put more data into it then it is going to overflow.
So to solve this problem you can check with an "if" statement or use other functions.

3) Format String: this is an interesting attack. Consider the following statement:
    printf("enter the name");
    scanf("%s", name);
Now if a user enters some data like %s%s%s%s%s%s%s then you will get some interesting results. I will write a detailed post on how these attacks can be exploited later, but in short, in this kind of attack, if you supply malicious input like "%s%s%s%s%s%s%s" then you can play with the stack.

4) NULL Terminated String: this is a common mistake made by programmers. Consider the following code:
    #include <stdio.h>

    int main(void)
    {
        char name[8];
        int i = 0;
        printf("enter the name");
        scanf("%s", name);        /* 8 or more characters leave no room for '\0' */
        while (name[i] != '\0')   /* keeps walking until it finds a terminator */
        {
            i++;
        }
        return 0;
    }
Suppose that on running this program a user enters a string whose length is 8. Then there is no space for the '\0' character, so guess what? The while loop goes into infinity, or you will get some unexpected result. If we go into more detail, it is possible that the value of i causes an integer overflow (see the next point).
So the workaround? Never forget the '\0' character in strings.

5) Integer Overflow: integers are of a limited size. On some platforms it takes 2 bytes to store an integer data type. 2 bytes = 1111111111111111 = 16 bits to store any data. Now I am not going to calculate the power of 2, but it is somewhere around 32768. Now what happens if you provide a value which is more than this to an integer variable?
You are right: "integer overflow". Again I will write a more detailed post later, but I would just like to mention some problems caused by these attacks:
a) you can get unexpected results in your calculations (if you have a mathematics application this will be a disaster)
b) loops can go infinite.
Let us see in short what happens when an integer overflow occurs:
When the integer variable overflows it starts its values again from 0. I mean, suppose you supply the value 32769. We know that the max value an integer variable can hold is 32768, so the value will become 0. If we supply 32770 then the value will become 1, and so on.
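As an added example (not code from the original post), here is how points 4 and 5 are handled defensively in C: a copy into the post's 8-byte name buffer that always leaves room for the terminator, a length walk that is bounded by the buffer size as well as the terminator, and an overflow-checked size computation for a malloc call. The names copy_name, name_len and checked_alloc_size are assumed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define NAME_LEN 8   /* same 8-byte buffer the post uses */

/* Copy src into an 8-byte buffer, always leaving room for '\0'.
   Returns 0 on success, -1 if the input had to be truncated. */
int copy_name(char dst[NAME_LEN], const char *src)
{
    size_t n = strlen(src);
    int truncated = 0;
    if (n > NAME_LEN - 1) {      /* only 7 characters plus the terminator fit */
        n = NAME_LEN - 1;
        truncated = 1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';               /* the terminator the post says never to forget */
    return truncated ? -1 : 0;
}

/* Length of a name in a NAME_LEN buffer without running off its end,
   even when the buffer holds 8 characters and no terminator. */
size_t name_len(const char name[NAME_LEN])
{
    size_t i = 0;
    while (i < NAME_LEN && name[i] != '\0')   /* bound check AND terminator check */
        i++;
    return i;
}

/* Size for malloc(count * elem_size) with the multiplication checked for
   wrap-around. Returns 0 if the product would overflow size_t. */
size_t checked_alloc_size(size_t count, size_t elem_size)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return 0;
    return count * elem_size;
}

int main(void)
{
    char name[NAME_LEN];
    int rc = copy_name(name, "abcdefgh");   /* constructed 8-character input */
    printf("rc=%d name=\"%s\" len=%zu\n", rc, name, name_len(name));
    printf("size=%zu\n", checked_alloc_size(SIZE_MAX, 2));
    return 0;
}
```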
Later we will see more stuff. Bye till then.
