C/C++ Secure Coding

Language

Insecure Function

Vulnerability

Scenario

Remediation/Secure Function

strcpy

Buffer Overflow

A software application takes user input and stores it in a fixed-size buffer.

strncpy with bounds checking and null termination

gets

Stack Buffer Overflow

A program reads user input into a stack buffer without bounds checking.

fgets with bounds checking

malloc with unchecked bounds

Heap Buffer Overflow

A program allocates memory for user data but does not check the size of the input.

Ensure loop limits are correct and check allocation size

strcpy

Stack Buffer Overflow leading to Stack Smashing

A web server takes input from a request and copies it into a local stack buffer.

strncpy with bounds checking and null termination

system

Command Injection

An application runs system commands based on user input.

Validate input, use snprintf and validate input securely

Unchecked arithmetic operations

Integer Overflow

A program performs arithmetic operations without checking for overflow.

Check arithmetic bounds and validate inputs

printf

Format String Vulnerability

A program prints user input directly using printf.

Use format specifiers, e.g., printf("%s", user_input)

String Handling Vulnerabilities

Language

Insecure Function

Vulnerability

Scenario

Remediation/Secure Function

strcpy

Buffer Overflow

A software application takes user input and stores it in a fixed-size buffer.

strncpy with bounds checking and null termination

strncpy without null termination

Buffer Overflow

A program uses strncpy but does not ensure null termination.

Ensure null termination after strncpy

Buffer Overflow

Language

Insecure Function

Vulnerability

Scenario

Remediation/Secure Function

gets

Stack Buffer Overflow

A program reads user input into a stack buffer without bounds checking.

fgets with bounds checking

Manual memory management

Heap Buffer Overflow

A program does not properly manage dynamic memory allocation and bounds.

Use safe memory allocation functions and check bounds

Integer Security

Language

Insecure Function

Vulnerability

Scenario

Remediation/Secure Function

Unchecked arithmetic operations

Integer Overflow

A program performs arithmetic operations without checking for overflow.

Check arithmetic bounds and validate inputs

Code Injection

Language

Insecure Function

Vulnerability

Scenario

Remediation/Secure Function

system

Command Injection

An application runs system commands based on user input.

Validate input, use snprintf and validate input securely

Exploiting Formatted Output Functions

Language

Insecure Function

Vulnerability

Scenario

Remediation/Secure Function

printf

Format String Vulnerability

A program prints user input directly using printf.

Use format specifiers, e.g., printf("%s", user_input)

PreviousOut of Bounds NextJava/JS Secure Coding

Last updated 1 year ago

hashtagString Handling Vulnerabilities

hashtagBuffer Overflow

hashtagInteger Security

hashtagCode Injection

hashtagExploiting Formatted Output Functions

String Handling Vulnerabilities

Buffer Overflow

Integer Security

Code Injection

Exploiting Formatted Output Functions