Nice.  I'll mention it in my secure programming class this semester.  I'd be
interested in any exercises/labs based on it, appropriate for undergrads.

Cheers,
Pascal


On 8/17/06 10:04 AM, "Robert C. Seacord" <[EMAIL PROTECTED]> wrote:

> 
> The CERT/CC has released a beta version of a secure integer library for
> the C Programming Language.  The library is available for download from
> the CERT/CC Secure Coding Initiative web page at:
> http://www.cert.org/secure-coding/
> 
> The purpose of this library is to provide a collection of utility
> functions that can assist software developers in writing C programs that
> are free from common integer problems such as integer overflow, integer
> truncation, and sign errors that are a common source of software
> vulnerabilities.
> 
> Functions have been provided for all integer operations subject to
> overflow (such as addition, subtraction, multiplication, division, unary
> negation, etc.) for int, long, long long, and size_t integers.  The
> following example illustrates how the library can be used to add two
> signed long integer values:
> 
> long retsl, xsl, ysl;
> xsl = LONG_MAX;
> ysl = 0;
> retsl = addsl(xsl,ysl);
> 
> For short integer types (char and short) it is necessary to truncate the
> result of the addition using one of the safe conversion functions
> provided, for example:
> 
> char retsc, xsc, ysc;
> xsc = SCHAR_MAX;
> ysc = 0;
> retsc = si2sc(addsi(xsc, ysc));
> 
> For error handling, the secure integer library uses the mechanism for
> Runtime-constraint handling defined by TR 24731 "Specification for
> Safer, More Secure C Library Functions" available at:
> http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1135.pdf
> 
> The implementation uses the high performance algorithms defined by Henry
> S. Warren in the book "Hacker's Delight".
> 
> For more information on vulnerabilities and other problems resulting
> from the incorrect use of integers in C and C++ please read Chapter 5 of
> "Secure Coding in C and C++" which is available as a free download from
> the CERT web site:
> 
> http://www.cert.org/books/secure-coding/moreinfo.html
> 
> Please address any defect reports, comments and suggestions concerning
> the Secure Integer Library or CERT Secure Coding Initiative to me.
> Thanks to Henry and to Juan Alvarado who coded the implementation.
> 
> Thanks,
> rCs
> 
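
The checks described in the announcement above (checked addition, checked narrowing to char, and a handler invoked on violation), as an added example that is not part of either message and is not the CERT library's code. The names checked_add_long, checked_add_int, checked_int_to_schar and report_violation are hypothetical, and the counting handler and the 0 failure value are assumptions of this sketch.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-in for a runtime-constraint handler: it counts and
   logs the violation instead of aborting, so callers can test for it. */
static int constraint_violations = 0;

static void report_violation(const char *msg) {
    constraint_violations++;
    fprintf(stderr, "runtime-constraint violation: %s\n", msg);
}

/* Signed overflow is undefined behaviour in C, so the range test must
   happen before the addition, never on its result. */
long checked_add_long(long x, long y) {
    if ((y > 0 && x > LONG_MAX - y) || (y < 0 && x < LONG_MIN - y)) {
        report_violation("long addition overflows");
        return 0; /* this example's choice of failure value */
    }
    return x + y;
}

int checked_add_int(int x, int y) {
    if ((y > 0 && x > INT_MAX - y) || (y < 0 && x < INT_MIN - y)) {
        report_violation("int addition overflows");
        return 0;
    }
    return x + y;
}

/* char operands are promoted to int before arithmetic, so on typical
   platforms the sum fits; the loss happens on conversion back to char. */
signed char checked_int_to_schar(int v) {
    if (v < SCHAR_MIN || v > SCHAR_MAX) {
        report_violation("int does not fit in signed char");
        return 0;
    }
    return (signed char)v;
}

int main(void) {
    signed char xsc = SCHAR_MAX, ysc = 1;
    printf("%ld\n", checked_add_long(LONG_MAX, 0));   /* in range */
    printf("%ld\n", checked_add_long(LONG_MAX, 1));   /* violation */
    printf("%d\n", checked_int_to_schar(checked_add_int(xsc, ysc)));
    return constraint_violations == 2 ? 0 : 1;
}
```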


_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
