• Never, ever, ever use gets(). Only under freak conditions will it NOT cause a buffer overflow.
• Also avoid functions like strcpy() and strcat(). Use strncpy() and strncat() instead.
• Use precision specifiers with the scanf() family of functions (scanf(), fscanf(), sscanf(), etc.). Otherwise they will not do any bounds checking for you.
• Be careful with sprintf(). Use precision specifiers or use snprintf() instead.
• Never use variable format strings with the printf() family of functions.
• Every file or path handling library function has its own quirks, so be careful.
• Functions like fgets(), strncpy(), and memcpy() are okay, but make sure your buffer is the size you say it is. Be careful of off-by-one errors.
• When using streadd() or strecpy(), make sure the destination buffer is four times the size of the source buffer.
• A very useful tool to aid with finding unsafe library function calls during code inspection is a static analyzer such as ITS4.
• Testing will catch many, but not all, buffer overflows. Code inspection in combination with testing will produce the best results.