All Input is Evil
In my previous posts, I have been emphasizing validating integer and string inputs by putting various checks in place. Now, I suggest you consider any type of input to your application or software as "evil". Consider the following two rules for any input data:
- All input is evil until proven otherwise.
- Data must be validated as it crosses the boundary between untrusted and trusted environments.
Until now, I explained how to validate integer and string data; today, I'll explain what should be validated in the input data. First things first: look for valid data and reject everything else. Deny all access until you are sure that the input in the request is valid. You should look for valid data rather than for invalid data, for two reasons:
- There might be more than one valid way to represent the data. For example, the word "Rose" can be represented in many ways: "ROSE", "rose", "R%6fse", "RoSE", and so on. All of these are valid variations of the single word "Rose", but they can definitely be a problem for an application.
- You might miss an invalid data pattern.
Consider the following code:
```c
#include <stdbool.h>
#include <string.h>

bool IsBadExtn(char *szFileName)
{
    /* some code */
    if (szFileName) {
        size_t cFileName = strlen(szFileName);
        if (cFileName >= 3) {
            char *szBadExtn[] = {".exe", ".com", ".bat", ".cmd"}; /** Line 9 **/
            /* code to validate the input "szFileName" against these
               file extensions, which are not allowed */
        }
    }
}
```
The above code is not good enough, as it does not catch all the vulnerabilities. The program tries to block those file extensions that might be harmful to the system if executed, but the validation is incomplete: ".pl", ".js", ".vbs", ".wsh" and others can also be harmful. So, to protect your system, allow only those file types that are expected. For example, Line 9 can be replaced by
```c
char *szGoodExtn[] = {".gif", ".bmp", ".png", ".txt"};
```
This is positive (allow-list) validation. It is needed because we do not know all the ways a program can be exploited, so we block everything other than the expected input.
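As an added example (not code from the original post), here is the positive-validation function the post sketches, carried through to working C: the file name is first canonicalised (percent-escapes such as the "%6f" in "R%6fse" decoded, letters lower-cased) so that spelling variants cannot slip past the allow-list, and anything malformed is rejected outright. The 256-byte buffer and the four-entry allow-list from the post are assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = (char)tolower((unsigned char)c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Decode %XX escapes and lower-case into out. Returns false (reject) on a
 * malformed escape, an embedded NUL byte, or a name too long for out. */
bool canonicalize(const char *in, char *out, size_t outsz) {
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        int c = (unsigned char)in[i];
        if (c == '%') {
            int hi = hexval(in[i + 1]);               /* -1 if '\0' or not hex */
            int lo = (hi < 0) ? -1 : hexval(in[i + 2]);
            if (lo < 0) return false;
            c = hi * 16 + lo;
            i += 2;
        }
        if (c == 0 || o + 1 >= outsz) return false;
        out[o++] = (char)tolower(c);
    }
    out[o] = '\0';
    return true;
}

/* Allow-list check: true only if the canonical name has a non-empty base
 * name and ends in one of the expected extensions (assumed list). */
bool IsGoodExtn(const char *szFileName) {
    static const char *szGoodExtn[] = {".gif", ".bmp", ".png", ".txt"};
    char canon[256];  /* assumed maximum name length */
    if (szFileName == NULL || !canonicalize(szFileName, canon, sizeof canon))
        return false;
    size_t n = strlen(canon);
    for (size_t k = 0; k < sizeof szGoodExtn / sizeof szGoodExtn[0]; k++) {
        size_t e = strlen(szGoodExtn[k]);
        if (n > e && strcmp(canon + n - e, szGoodExtn[k]) == 0) return true;
    }
    return false;  /* everything not explicitly allowed is rejected */
}
```

Note that "evil.gif.exe" is rejected because only the final extension is compared, and "a%00.gif" is rejected because the decoded NUL would truncate the name for any later C string function.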
In a nutshell, there is no hard and fast rule on whether to do negative or positive validation; it is up to you, depending on the application requirements. But if you take care of the rules above, there is very little chance of tainted data entering your system.
I’m using Firefox here – am I the only one getting “>” instead of the ‘greater than’ sign?
ermm.. & gt ; (without the spaces).
Paul, that's an issue with my code display plugin; it's converting the greater than sign to its HTML equivalent.