Friday, July 15, 2016

Secure C/C++ Coding practices

Dear Software Engineers and Amateur Programmers,

In today's scenario, writing secure code is not a choice anymore, it's a necessity.

As a result of me attending Paul Ionescu's webcast "Inside the mind of a Hacker" (https://t.co/YjqiJpn7lE) (where he talks about how crackers crack their way through your code and what loopholes and vulnerabilities they exploit) and being trained overtime with strong review comments from peers laying emphasis on secure programming, I've begun giving a keen eye to best coding practices.

One such link I googled for yesterday and thought of sharing is:

The following usage in the correctly marked answer there:
strncpy(buff, "String 1", BUFFER_SIZE - 1);
buff[BUFFER_SIZE - 1] = '\0';
is actually correct and not incorrect as pointed out by one of the commenters. See for yourself to know why!
(I couldn't add a comment there due to lack of enough points to comment on StackOverflow.)

I found many instances of insecure invocation of strncpy in the open source package I am currently working on like
strncpy(buff, "String 1", sizeof(buf));
and wanted to give a alert to the maintainers/programmers if they are using such lines often in their code so that they stop making this mistake.

Will keep posting updates in this space with more such important links.

Till then,
Cheers and Happy Coding!