C语言编程：安全编码规则详解

开发语言

需积分: 5 52 浏览量更新于2024-07-06 收藏 1.36MB PDF 举报

身份认证购VIP最低享 7 折!

30元优惠券

C语言编程代码安全规则是针对C语言开发过程中确保软件安全的重要准则。这个文档（ISO/IEC 2012 – TS 17961）由ISO/IEC JTC 1/SC 22/WG 14 N1624起草，处于预备阶段，日期为2012年6月26日，由ANSI负责秘书处。它属于信息技术领域的标准，旨在规定程序设计语言、其环境和系统软件接口的安全编码规则。在C语言编程中，安全规则的重要性不言而喻，因为不当的编程实践可能导致漏洞，使软件容易受到攻击，例如缓冲区溢出、SQL注入等。该文档强调了以下几点关键知识点： 1. **安全性原则**：C语言安全编码规则着重于预防潜在的安全威胁，如保护敏感数据、限制权限访问、避免硬编码密码和密钥等，以防止未经授权的访问和数据泄露。 2. **输入验证与错误处理**：强制要求对用户输入进行严格的检查和验证，以防止恶意输入导致的系统崩溃或安全漏洞。这包括对数组边界、类型转换异常以及格式化字符串的正确处理。 3. **内存管理**：强调正确的内存分配和释放，防止内存泄漏，同时避免使用可能导致栈溢出的函数，如递归调用时的深度控制。 4. **数据加密**：推荐使用安全的加密算法来存储和传输敏感信息，确保即使数据被截获，也无法轻易解密。 5. **异常处理**：提供适当异常处理机制，当程序遇到不可预见的情况时，能够优雅地处理并防止程序崩溃。 6. **API和库使用**：建议开发者在使用第三方库或API时，了解其安全特性，避免使用已知有安全问题的组件。 7. **源码审查与审计**：鼓励定期的源代码审查，以发现并修复隐藏的安全隐患，同时遵循安全编码最佳实践。 8. **专利声明**：提醒接收者在提交评论时，应通知他们所知的相关专利权，并提供支持文档，以维护文档的合法性。需要注意的是，由于此文档仅为草案，可能随时进行更改，因此不应将其视为国际标准直接引用。开发者在实际编程时，应根据最新版本的C语言安全编码规则进行操作，确保代码的稳定性和安全性。

资源详情

资源推荐

ISO/IEC TS 17961

for (; head != NULL; head = head->next) { // diagnostic required

free(head);

}

EXAMPLE 2 In this noncompliant example, a diagnostic is required because buf is written to after it has been freed.

int main(int argc, char *argv[]) {

if (argc < 2) {

/* ... */

}

char *return_val = 0;

const size_t bufsize = strlen(argv[1]) + 1;

char *buf = (char *)malloc(bufsize);

if (!buf) {

/* ... */

}

/* ... */

free(buf);

/* ... */

return_val = strncpy(buf, argv[1], bufsize); // diagnostic required

if (return_val) {

/* ... */

}

return EXIT_SUCCESS;

}

EXAMPLE 3 In this noncompliant example, a diagnostic is required because realloc may free c_str1 when it returns

NULL, resulting in c_str1 being freed twice.

void f(char * c_str1, size_t size) {

char * c_str2 = (char *)realloc(c_str1, size);

if (c_str2 == NULL) {

free(c_str1); // diagnostic required

return;

}

5.3 Accessing shared objects in signal handlers [accsig]

Rule

Accessing values of objects that are neither lock-free atomic objects nor of type volatile sig_atomic_t

in a signal handler shall be diagnosed.

Rationale

C identifies the situation in which undefined behavior arises as a result of accessing a static storage duration

object without the correct characteristics:

Description

132

A signal occurs other than as the result of calling the abort or raise function, and the signal handler refers to an

object with static storage duration other than by assigning a value to an object declared as volatile

sig_atomic_t, or calls any function in the standard library other than the abort function, the _Exit function,

or the signal function (for the same signal number) (7.14.1.1).

ISO/IEC TS 17961

Rationale

Mistyping or erroneously using = in Boolean expressions, where == was intended, is a common cause of

program error. This rule makes the presumption that any use of = was intended to be == unless the context

makes it clear that such is not the case.

Example(s)

EXAMPLE 1 In this noncompliant example, a diagnostic is required because the expression x = y is used as the

controlling expression of the while statement.

while ( x = y ) { /* ... */ } // diagnostic required

EXAMPLE 2 In this noncompliant example, a diagnostic is required because the expression x = y is used as the

controlling expression of the while statement.

do { /* ... */ } while ( foo(), x = y ) ; // diagnostic required

EXAMPLE 3 In this compliant example, no diagnostic is required because the expression x = y is not used as the

controlling expression of the while statement.

do { /* ... */ } while ( x = y, p == q ) ; // no diagnostic required

Exceptions

 EX1: Assignment is permitted where the result of the assignment is itself a parameter to a comparison

expression (e.g., x == y or x != y) or relational expression and need not be diagnosed.

EXAMPLE This example shows an acceptable use of this exception.

if ( ( x = y ) != 0 ) { /* ... */ }

 EX2: Assignment is permitted where the expression consists of a single primary expression.

EXAMPLE 1 This example shows an acceptable use of this exception.

if ( ( x = y ) ) { /* ... */ }

EXAMPLE 2 In this noncompliant example, a diagnostic is required because && is not a comparison or relational operator

and the entire expression is not primary.

if ( ( v = w ) && flag ) { /* ... */ } // diagnostic required

 EX3: Assignment is permitted in the above contexts where it occurs in a function argument or array index.

EXAMPLE This example shows an acceptable use of this exception.

if ( foo( x = y ) ) { /* ... */ }

5.5 Calling functions in the C Standard Library other than abort, _Exit,

and signal from within a signal handler [asyncsig]

Rule

Calling functions in the C Standard Library other than abort, _Exit, and signal from within a signal

handler shall be diagnosed.

剩余95页未读，继续阅读

小小飞侠x

粉丝: 0
资源: 3

C语言编程：安全编码规则详解

C语言编程源代码

C语言编程规范标准.pdf

万年历 农历c语言编程代码

c语言编程技巧 chm

c语言编程俄罗斯方块代码

华为c语言编程规范v5.1

华为c语言编程规范5.0

嵌入式开发c语言编程规范 pdf

c语言编程规范 华为

c语言编程祝你生日快乐

华为c语言编程规范v5_1

小游戏c语言编程代码100行

c语言基础编程100道

嵌入式c语言编程规范--misra c标准的奥秘与应用 pdf

C语言编程的核心要点包括:

如何编写一份c语言编程规范

汇编语言与c语言混合编程

五子棋c语言代码下载

C语言html代码格式

针对JAVA 、C语言查找两个知名的编程风格指南，讨论分析并选择一个作为本课程的编程指南针对JAVA 、C语言查找两个知名的编程风格指南，讨论分析并选择一个作为本课程的编程指南

最新资源

万年历农历c语言编程代码

c语言编程规范华为