SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 62 Next »

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9ba5d60a-b402-4acb-a36e-0be4128d5393"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
[Apple 06] Secure Coding Guide, May, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3e856e1-0811-46ed-bff2-0ca3dd537d03"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
[Burch 06] Burch, H.; Long, F.; & Seacord, R. Specifications for Managed Strings (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e01748f8-ec15-459a-8827-025269a0d77c"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
[Callaghan 95] Callaghan, B.; Pawlowski, B.; & Staubach, P. IETF RFC 1813 NFS Version 3 Protocol Specification (June 1995).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="56adfa11-888c-4cff-b971-d502270aec75"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro>
[CERT 06] CERT. Managed String Library (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cd5cc0a7-cf21-4777-9305-d6f7c692d9a2"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
[Dewhurst 02] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="579bd349-3b09-492f-9feb-45916bb92f46"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
[Dowd 06] Dowd, M.; McDonald, J.; & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston, MA: Addison-Wesley, 2006. See http://taossa.com for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d8af9b29-4234-4135-a95f-21032b2a2c0a"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
[Drepper 06] Drepper, Ulrich. Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong). May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0507d6e3-ba61-4771-8dda-fcefa21a7e63"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
[FSF 05] Free Software Foundation. GCC online documentation (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dbf57b5f-eafd-443d-992d-b5e651997bdd"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
[Graff 03] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6007b316-7dcf-437a-a578-b20a54bf1d9f"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
[Griffiths 06] Griffiths, Andrew. "Clutching at straws: When you can shift the stack pointer." 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="51d7e785-3793-4d9d-ad85-914dcdeda48c"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
[Haddad 05] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." Linux World Magazine, November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9b2e122b-d8ba-44ab-a8ec-514deb91eeb4"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
[Hatton 95] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="17275e06-a527-4fda-a132-9addc32703be"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
[HP 03] Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks. Houston, TX: Hewlett-Packard Company, January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f42115e7-e90b-494b-9f99-0611dbae7b9e"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
[ilja 06] ilja. "readlink abuse." ilja's blog, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="85021d6c-7ced-4d30-9b6a-99ff0ef8d8d4"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition. Geneva, Switzerland: International Organization for Standardization, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="21c11d7f-cf1e-4fea-ab08-032db93a265a"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
[ISO/IEC 03] Rationale for International Standard — Programming Languages — C, Revision 5.10. Geneva, Switzerland: International Organization for Standardization, April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8b9d3c20-0c7c-4ee8-b228-99d3428323b4"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
[ISO/IEC TR 24731-2006] ISO/IEC TR 24731. Extensions to the C Library, — Part I: Bounds-checking interfaces. Geneva, Switzerland: International Organization for Standardization, April 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fdd50e24-9dfc-4ead-86f6-6e19b50ba546"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
[Kennaway 00] Kennaway, Kris. Re: /tmp topic (December 2000).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eb737f8d-3344-44b6-ae4e-00dd0163ff74"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
[Kerrighan 88] Kerrighan, B. W. & Ritchie, D. M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cc5ab83b-d856-44c9-9dc7-811023298dc1"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
[Kettlewell 02] Kettlewell, Richard. C Language Gotchas (February 2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6a9dae0a-308f-4a51-b633-fbdfec92549e"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
[Kettlewell 03] Kettlewell, Richard. Inline Functions In C (March 2003).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d1b1ce88-1885-476b-bb9a-664314763f05"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
[Klein 02] Klein, Jack. Bullet Proof Integer Input Using strtol() (2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ba31a5d9-3ed3-4aff-b3b0-5f1981e38839"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
[Lai 06] Lai, Ray. "Reading Between the Lines." OpenBSD Journal, October 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e14e842-821e-448b-9a1a-6ba7c1c1a808"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
[Lions 96] Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="47494fa4-1cdd-4a1d-a39e-883f57f8ea9c"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
[mercy] mercy. Exploiting Uninitialized Data (January 2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="81ac9021-506d-4cd0-8f44-d1afdc6d1195"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
[MISRA 04] MIRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="810d6679-a5fe-4d2b-97f1-76e5b2432bf6"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
[NASA-GB-1740.13] NASA Glenn Research Center, Office of Safety Assurance Technologies. NASA Software Safety Guidebook (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0aeba711-2629-4ea0-b4e9-30ad4b8ba370"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
[NIST 06] NIST. SAMATE Reference Dataset (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e91d474-ed24-4c90-b45d-c24d728f0b1a"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
[NIST 06b] NIST. DRAFT Source Code Analysis Tool Functional Specification. NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4b3e08e6-03b6-490b-be02-e98a2fb66cca"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
[Open Group 97] The Open Group. The Single UNIX® Specification, Version 2 (1997).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="abd19a8e-fe52-4e44-be39-4314857b9223"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
[Open Group 97b] The Open Group. Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification (May 1997).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c37a7218-75ba-412b-a418-11f4ae9c10b1"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
[Open Group 04] The Open Group and the IEEE. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition (2004).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8bc80921-810b-4061-951d-b2aa8c221988"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
[Plum 89] Plum, Thomas, & Saks, Dan. C Programming Guidelines, 2nd ed. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="34e94917-90cc-4b21-87c9-94982852826e"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
[Plum 91] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74c53d50-ea6f-4e7e-b2d4-f36005b333fc"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
[Saks 99] Saks, Dan. "const T vs.T const." Embedded Systems Programming, February 1999, pp. 13-16.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="55288f83-3334-4bc6-a693-f28858522f3d"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="376008b2-98d5-4eac-b548-6cf66d84be84"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
[Seacord 05a] Seacord, R. Secure Coding in C and C++. Boston, MA: Addison-Wesley, 2005. See http://www.cert.org/books/secure-coding for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e30d6e2-a291-43f5-9523-6b02b2560299"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
[Seacord 05b] Seacord, R. "Managed String Library for C, C/C++." Users Journal 23, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="482232d4-1078-4fa9-a2a4-6c7d45651b16"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
[Summit 95] Summit, Steve. C Programming FAQs: Frequently Asked Questions. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f3266e26-5ee1-4625-9a75-c00d067568b1"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
[Summit 05] Summit, Steve. comp.lang.c Frequently Asked Questions (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bcd702a2-906d-49a3-902c-6b25a861a3ba"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
[van de Voort 07] van de Voort, Marco. Development Tutorial (a.k.a Build FAQ) (January 29, 2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fc755fee-3cfd-49e7-8190-e5b15be4bffb"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
[Viega 03] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d906657e-37a0-4a07-937c-98187aa22248"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
[Viega 05] Viega, John. CLASP Reference Guide Volume 1.1. Secure Software, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="16cef0a3-4798-498b-9f88-3df9219e42ba"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
[VU#286468] Burch, Hal. Vulnerability Note VU#286468, Ettercap contains a format string error in the "curses_msg()" function (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="77661286-b983-41af-8fca-394041598ea8"><ac:parameter ac:name="">VU#551436</ac:parameter></ac:structured-macro>
[VU#551436] Giobbi, Ryan. Vulnerability Note VU#551436, Mozilla Firefox SVG viewer vulnerable to buffer overflow (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bb22b249-6805-488f-88e9-269c8da33914"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
[VU#649732] Gennari, Jeff. Vulnerability Note VU#649732, Samba AFS ACL mapping VFS plug-in format string vulnerability (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fb3d2648-e451-4b46-a660-7f602b120f8c"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
[VU#881872] Manion, Art & Taschner, Chris. Vulnerability Note VU#881872, Sun Solaris telnet authentication bypass vulnerability (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="19a2a679-4e77-495b-8f74-93dea1ad095c"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
[Warren 02] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="89612182-6c30-48ef-b5eb-1be0cd8f5feb"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
[Wheeler 03] Wheeler, David. Secure Programming for Linux and Unix HOWTO, v3.010 (March 2003).

  • No labels