Better Software - July/August 2008 - (Page 40)
www.StickyMinds.com

• Multiple declarations for object
• Multiple interface files
• Multi-kind object definitions
• Missing some interfaces
• Only declaration found for object
• Only definition found for object
• Global object used locally only

The types of security vulnerabilities detected are:
• Access problems
• Buffer overflow
• DNS spoofing
• Ignored return values
• Injection flaws
• Insecure storage
• Unvalidated user input

Access problems consist of three subtypes:
• Improper sequencing
• Least privilege
• Time of creation—time of usage

Insecure storage consists of two subtypes:
• Poor randomization
• Weak cryptography

Presented next are example code snippets in C/C++ and the text messages Klocwork generates for them; each is a defect that falls into one of the four major categories. The examples are taken from the Klocwork user guide.

Figure 1 shows a memory management problem. Note in figure 1 that Klocwork assigns a code to each defect and distinguishes must conditions from might conditions. Here, memory is allocated on line 6 and assigned to the variable ptr, and memory is allocated again on line 8 and assigned to the same variable without the first block being freed, so the first block leaks. The method returns at line 10 without freeing the second block either; because ptr is a local variable that goes out of scope at the return, the second block leaks as well.

Figure 2 is an example of the might condition for the memory leak defect. Memory is allocated on line 3, and the pointer is set to NULL only if the variable i is not zero. If i is zero, line 7 returns without freeing the memory.

On line 2 in figure 3, a pointer to an integer is declared and set to NULL. Then, on line 3, the pointer is dereferenced. The message at the bottom of the figure is straightforward.

In figure 4, if arg is NULL, a NULL pointer is passed to the function xstrcpy(), which dereferences it, causing a crash. According to Klocwork's documentation, "This example illustrates that a pointer value that can come either from a local assignment of a NULL constant or from a call to a function that will return NULL, might be dereferenced either explicitly or through a call to a function that will dereference it without checking for NULL." Notice that the message starts with Error(1):NPD.GEN.MIGHT. For each defect, Klocwork assigns a severity level; "Error" is one of those severity levels.

On line 2 of figure 5 an array of characters of size ten is declared, and on line 3 a string of size twenty-four is copied into the fixed_buf array, thereby overflowing the array bounds and causing

NULL Pointer Dereference Example:

1 void npd_gen_must() {
2   int *p = 0;
3   *p = 1;
4 }

Klocwork produces a defect report like the following:

npd.gen.must-ret-expl.c:3:3: Error(1):NPD.GEN.MUST: Null pointer 'p' that comes from line 2 will be dereferenced at line 3

Figure 3

Might Be a Dereference Example:

1 void npd_gen_might(int flag, char *arg) {
2   char *p = arg;
3   if (flag) p = getNull();
4   if (arg) {p = arg;}
5   xstrcpy(p, "Hello");
6 }
7 void xstrcpy(char *dst, char *src) {
8   if (!src) return;
9   dst[0] = src[0];
10 }

Klocwork produces a defect report like the following:

npd.gen.might-ret-call.c:5:8: Error(1):NPD.GEN.MIGHT: Null pointer 'p' that comes from call to function 'getNull' at line 3 may be dereferenced by passing argument 1 to function 'xstrcpy' at line 5.

Figure 4

Array Bounds Overflow Example:

1 int main() {
2   char fixed_buf[10];
3   sprintf(fixed_buf, "Very long format string\n");
    return 0;
4 }

Klocwork produces a defect report like the following:

4:Critical:Buffer overflow, array index of 'fixed_buf' may be outside the bounds. Array 'fixed_buf' of size 10 declared at line 3 may use index values 0..24

Figure 5
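The two memory-leak shapes described for figures 1 and 2 (the must leak, where a second allocation overwrites the only pointer to the first block and the function returns without freeing the second; and the might leak, where the block is released on only one branch) can be made observable at run time with a counting allocator. The following is an added example written for this page, not code from the article or from the Klocwork user guide; the tracker, the function names leak_must, leak_might, fixed_must and fixed_might, and the block sizes are all assumptions made for the demonstration.

```c
/* Added example (not from the article or the Klocwork user guide): a tiny
 * allocation counter that makes the figure 1 and figure 2 leak shapes visible.
 * Tracker, function names and sizes are assumptions made for this page. */
#include <stdio.h>
#include <stdlib.h>

static int live_blocks = 0;   /* blocks allocated and not yet freed */

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p) live_blocks++;
    return p;
}

static void tracked_free(void *p) {
    if (p) live_blocks--;
    free(p);
}

/* "Must" leak, the shape of figure 1: the second allocation overwrites the
 * only pointer to the first block, and the function returns without freeing
 * the second one, so both blocks leak on every call. */
static void leak_must(void) {
    char *ptr = tracked_malloc(16);
    ptr = tracked_malloc(32);     /* first block is now unreachable */
    (void)ptr;
    return;                       /* second block goes out of scope unfreed */
}

/* "Might" leak, the shape of figure 2: the block is released and the pointer
 * set to NULL only on the i != 0 path; when i == 0 the function returns with
 * the block still allocated. */
static void leak_might(int i) {
    char *buf = tracked_malloc(64);
    if (i) {
        tracked_free(buf);
        buf = NULL;
    }
    (void)buf;
    return;
}

/* Corrected forms: one owner per block and exactly one free on every path. */
static void fixed_must(void) {
    char *ptr = tracked_malloc(16);
    tracked_free(ptr);            /* release before the variable is reused */
    ptr = tracked_malloc(32);
    tracked_free(ptr);
}

static void fixed_might(int i) {
    char *buf = tracked_malloc(64);
    if (buf && i) buf[0] = (char)i;   /* used on one path only, as in figure 2 */
    tracked_free(buf);                /* but freed on every path */
}

/* Run a function and report how many blocks it left behind. */
static int leaked_by(void (*fn)(void)) {
    int before = live_blocks;
    fn();
    return live_blocks - before;
}

static int leaked_by_int(void (*fn)(int), int i) {
    int before = live_blocks;
    fn(i);
    return live_blocks - before;
}

int main(void) {
    printf("leak_must leaks %d block(s)\n", leaked_by(leak_must));
    printf("leak_might(0) leaks %d block(s)\n", leaked_by_int(leak_might, 0));
    printf("leak_might(1) leaks %d block(s)\n", leaked_by_int(leak_might, 1));
    printf("fixed_must leaks %d block(s)\n", leaked_by(fixed_must));
    printf("fixed_might(0) leaks %d block(s)\n", leaked_by_int(fixed_might, 0));
    return 0;
}
```

The counter is a stand-in for what a static analyser infers without running the code: leak_must loses two blocks on every call (the "must" report), while leak_might loses one only when i is zero (the "might" report). The corrected versions pair every allocation with a free that is reached on all paths.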
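Figures 4 and 5 share one fix: a copy routine that checks both pointers (the xstrcpy() in figure 4 checks only src and then writes through a NULL dst) and that respects the destination size instead of writing 24 bytes into a 10-byte array. The following is an added example written for this page, not code from the article or from the Klocwork user guide; the names xstrcpy_s, format_s, copy_status, get_null and demo_buf are assumptions made for the demonstration and are not Klocwork APIs.

```c
/* Added example (not from the article or the Klocwork user guide): a
 * NULL-checked, bounded copy that removes both the figure 4 dereference and
 * the figure 5 overflow, and reports failure instead of hiding it. Names are
 * assumptions made for this page. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum copy_status { COPY_OK = 0, COPY_NULL_ARG = -1, COPY_TRUNCATED = 1, COPY_ERROR = -2 };

/* A buffer of the size used in figure 5, shared by the demos below. */
static char demo_buf[10];

/* Bounded strcpy: checks BOTH pointers, never writes past dst_size bytes,
 * and always NUL-terminates. Truncation is reported, not silently dropped. */
static enum copy_status xstrcpy_s(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_NULL_ARG;
    size_t n = strlen(src);
    if (n >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return COPY_TRUNCATED;
    }
    memcpy(dst, src, n + 1);
    return COPY_OK;
}

/* Bounded sprintf for the figure 5 case. snprintf returns the length the full
 * output would have had; a value >= dst_size means the text was cut, which is
 * the kind of return value the "ignored return values" category is about. */
static enum copy_status format_s(char *dst, size_t dst_size, const char *msg) {
    if (dst == NULL || msg == NULL || dst_size == 0)
        return COPY_NULL_ARG;
    int n = snprintf(dst, dst_size, "%s", msg);   /* data goes through %s, never as the format */
    if (n < 0)
        return COPY_ERROR;
    return (size_t)n >= dst_size ? COPY_TRUNCATED : COPY_OK;
}

/* Stand-in for the getNull() of figure 4. */
static char *get_null(void) { return NULL; }

/* The figure 4 caller with the same control flow, but the copy now goes
 * through xstrcpy_s, so a NULL p is reported rather than dereferenced. */
static enum copy_status npd_gen_might_fixed(int flag, char *arg, size_t arg_size) {
    char *p = arg;
    if (flag) p = get_null();
    if (arg) p = arg;
    return xstrcpy_s(p, arg_size, "Hello");       /* p is the destination, as in the figure */
}

int main(void) {
    printf("arg NULL, flag 1 -> status %d (no crash)\n", npd_gen_might_fixed(1, NULL, 0));
    printf("arg ok -> status %d, buf=\"%s\"\n",
           npd_gen_might_fixed(0, demo_buf, sizeof demo_buf), demo_buf);
    printf("figure 5 message -> status %d, buf=\"%s\"\n",
           format_s(demo_buf, sizeof demo_buf, "Very long format string\n"), demo_buf);
    return 0;
}
```

With a 10-byte buffer the 24-byte figure 5 message comes back as COPY_TRUNCATED with "Very long" in the buffer, and a NULL destination comes back as COPY_NULL_ARG; the caller has to decide what to do with either, which is the point of returning a status rather than void.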