Secure C programming practices (or HowToMake C Memory Safe(r))

Posted on By Teekåå

I’d like to add a post regarding the C-programming language regarding usage of deprecated or memory unsafe functions.

1. Background

Functions that are the primary source for Buffer Overflow attacks. Aim is to increase awareness about them and make them forbidden to use, 

2. Example that supports the background:

Here is a good and fairly easy-read explaination what’s wrong and what makes the attack feasible[1]. From the same source I also provide the following example: 

Unsafe (DO NOT USE): 

char buf[8];
void vulnerable() { 
  gets(buf); 
}


Safe (DO USE):

void not_vulnerable() {
 char buf[8];
   if (fgets(buf, sizeof buf, stdin) == NULL)
 return;
    printf(buf);
}

Main difference being that fgets() requires that the developer needs to specify how large the input can be at max so no overflow can occur.

3. How to achieve safer C code by forceful measures:

An extreme variant of making C memory safe "embedded" style: is to have no memory allocation.

Throw away the malloc()-function from your standard library and make all variables static globals.

The code will look odd and many things become harder to perform, such as networking and text processing. You gain some, you lose some. But you are guaranteed to avoid heap-related bugs or overflows if you don’t have a heap in the first place.

4. More sources that supports my claims and how to make C safer to use

Discouraged or forbidden to use c-functions[2].
Research paper thath brings up the topic:”Memory-safe Execution of C on a Java VM”[3].
The extension to C called “Checked C” by Microsoft which is designed to support spatial safety, in printable poster-format[4]
They have also published research papers on the topic e.g. “Checked C: Making C Safe by Extension”[5] and “Achieving Safety Incrementally with Checked C”[6]
The Gihub repository for the extension is available for anyone to use[7].
If you really want to dig deep into the science behind what “The Meaning of Memory Safety” is you can find it in a research paper with the same name[8].

5. References

[1]: https://textbook.cs161.org/memory-safety/vulnerabilities.html
[2] https://libreswan.org/wiki/Discouraged_or_forbidden_C_functions
[3] https://chrisseaton.com/plas15/safec.pdf
[4]  https://github.com/microsoft/checkedc/raw/master/papers/presentations/llvmdevmeet2019-checkedc_for_memory_safety.pdf
[5] https://www.microsoft.com/en-us/research/uploads/prod/2018/09/checkedc-secdev2018-preprint.pdf
[6] https://www.microsoft.com/en-us/research/uploads/prod/2019/05/checkedc-post2019.pdf
[7] https://github.com/Microsoft/checkedc
[8] https://arxiv.org/abs/1705.07354 Paper: https://arxiv.org/pdf/1705.07354.pdf
Educational content