wijhierbeneden said:
Hello
I want to make a list of all the vulnerabilities in C/C++.
I am aware of buffer overflow/heap overflow/race conditions/format string bugs/
off-by-one/numeric under- and overflow/unsigned-signed mismatch.
Are there other vulnerabilities in C/C++?
thx

Your list makes no sense. Let's go into this list in
more detail:
1: Buffer overflows. This can be seen as a vulnerability of C.
There were discussions here about length delimited strings,
and it is a vulnerability that can be fixed.
2: Heap overflow. Strange, difficult to see what you mean here:
2A: The heap gets bigger than the stack and overflows the stack.
This one has nothing to do with C.
2B: You ask for more memory than the system can give
you and the program crashes.
This one has nothing to do with C either.
3: Race conditions: They can happen to you in any language.
This is a general problem of multi-thread, multi-tasking
programming. Since this type of programming is done often
in C, they happen in C but they could happen in lisp too.
4: Format string bugs: Yes, "%s" implies filling a buffer
with an indeterminate number of bytes and this is a bad
spec in C (in my opinion).
No use denying this. It induces error. See
the discussion about strings.
5: Off by one can happen in *any* language, and even in
hardware. Remember the infamous bug Intel had in
the division? It was an off by one copy of the constants
needed by the algorithm: one row was missing. This is
a logic bug, not a C specific one.
6: Same for overflow/underflow. You can have it in any
language where numbers are accepted!
7: Unsigned/signed mismatch is an error specific to
languages that allow you to use unsigned integers.
There aren't many, and C is one of them. This is
a problem not with C but with people making errors.
As with any error, this can lead to bugs but I think the
advantages outweigh the problems with unsigned
numbers.
I would admit that buffer overflows and string handling in
C lead to catastrophes in hostile environments. I am just
of the opinion that this can be fixed without throwing away
all the language with it.
What makes C interesting is precisely this absence of an
established paradigm of the language. C is not object
oriented, nor list oriented or array oriented like APL.
It doesn't impose any preconceived view of your
application on you.
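The following C program is an added example, not code posted by either participant in the thread. It illustrates items 1, 5, 6 and 7 of the reply: a signed/unsigned mismatch where a bound is checked in signed arithmetic and the value is then used as a `size_t`, a pre-check that avoids signed integer overflow, and a length-checked copy that leaves room for the terminating NUL instead of running one byte past the destination. `BUF_CAP` and all function names are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not code from the thread. BUF_CAP and the function
   names below are assumptions chosen for illustration. */
#define BUF_CAP 16

/* Item 7 (unsigned/signed mismatch): the flawed pattern checks the bound in
   signed arithmetic, then uses the value as a size_t. A negative length
   passes the signed check and only later becomes a huge unsigned size. */
bool naive_length_ok(int len)
{
    return len <= BUF_CAP;              /* -1 <= 16 is true */
}

size_t length_as_size(int len)
{
    return (size_t)len;                 /* -1 converts to SIZE_MAX */
}

/* Fixed: reject negatives before any conversion to an unsigned type. */
bool checked_length_ok(int len)
{
    return len >= 0 && len <= BUF_CAP;
}

/* Item 6 (numeric overflow): signed overflow is undefined behaviour in C,
   so test for it before performing the addition. */
bool add_would_overflow(int a, int b)
{
    if (b > 0 && a > INT_MAX - b) return true;
    if (b < 0 && a < INT_MIN - b) return true;
    return false;
}

/* Items 1 and 5 (buffer overflow, off-by-one): a copy that never writes
   past dst and always leaves one byte for the terminating NUL. Returns 0 on
   a full copy, 1 when the result was truncated, -1 if dst has no room. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0) return -1;
    if (n >= dst_size) {                /* >= not >: room is needed for NUL */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);            /* n + 1 includes the NUL */
    return 0;
}

/* Small wrappers so the copy into a fixed 8-byte buffer can be checked. */
int copy_status(const char *src)
{
    char buf[8];
    return bounded_copy(buf, sizeof buf, src);
}

size_t copy_result_len(const char *src)
{
    char buf[8];
    bounded_copy(buf, sizeof buf, src);
    return strlen(buf);
}

int main(void)
{
    printf("naive_length_ok(-1)   = %d\n", naive_length_ok(-1));
    printf("checked_length_ok(-1) = %d\n", checked_length_ok(-1));
    printf("length_as_size(-1)    = %zu\n", length_as_size(-1));
    printf("INT_MAX + 1 overflows = %d\n", add_would_overflow(INT_MAX, 1));
    printf("copy of 10 chars into 8 bytes: status %d, length %zu\n",
           copy_status("0123456789"), copy_result_len("0123456789"));
    return 0;
}
```

Compiling with `-Wall -Wextra -Wsign-compare` (GCC and Clang both support these) flags the mixed-sign comparisons the thread discusses; the `len >= 0` guard is still needed, because the warning only fires when the compiler can see both operands' types.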