C/C++ Secure Coding

Language
Insecure Function
Vulnerability
Scenario
Remediation/Secure Function

C

strcpy

Buffer Overflow

A software application takes user input and stores it in a fixed-size buffer.

strncpy with bounds checking and null termination

C

gets

Stack Buffer Overflow

A program reads user input into a stack buffer without bounds checking.

fgets with bounds checking

C

malloc with unchecked bounds

Heap Buffer Overflow

A program allocates memory for user data but does not check the size of the input.

Ensure loop limits are correct and check allocation size

C

strcpy

Stack Buffer Overflow leading to Stack Smashing

A web server takes input from a request and copies it into a local stack buffer.

strncpy with bounds checking and null termination

C

system

Command Injection

An application runs system commands based on user input.

Validate input, use snprintf and validate input securely

C

Unchecked arithmetic operations

Integer Overflow

A program performs arithmetic operations without checking for overflow.

Check arithmetic bounds and validate inputs

C

printf

Format String Vulnerability

A program prints user input directly using printf.

Use format specifiers, e.g., printf("%s", user_input)

String Handling Vulnerabilities

Language
Insecure Function
Vulnerability
Scenario
Remediation/Secure Function

C

strcpy

Buffer Overflow

A software application takes user input and stores it in a fixed-size buffer.

strncpy with bounds checking and null termination

C

strncpy without null termination

Buffer Overflow

A program uses strncpy but does not ensure null termination.

Ensure null termination after strncpy

Buffer Overflow

Language
Insecure Function
Vulnerability
Scenario
Remediation/Secure Function

C

gets

Stack Buffer Overflow

A program reads user input into a stack buffer without bounds checking.

fgets with bounds checking

C

Manual memory management

Heap Buffer Overflow

A program does not properly manage dynamic memory allocation and bounds.

Use safe memory allocation functions and check bounds

Integer Security

Language
Insecure Function
Vulnerability
Scenario
Remediation/Secure Function

C

Unchecked arithmetic operations

Integer Overflow

A program performs arithmetic operations without checking for overflow.

Check arithmetic bounds and validate inputs

Code Injection

Language
Insecure Function
Vulnerability
Scenario
Remediation/Secure Function

C

system

Command Injection

An application runs system commands based on user input.

Validate input, use snprintf and validate input securely

Exploiting Formatted Output Functions

Language
Insecure Function
Vulnerability
Scenario
Remediation/Secure Function

C

printf

Format String Vulnerability

A program prints user input directly using printf.

Use format specifiers, e.g., printf("%s", user_input)

PreviousOut of BoundsNextJava/JS Secure Coding

Last updated