List of useful security libraries

Kernel Mustard » Blog Archive » More security libraries

Kernel Mustard » Blog Archive » More security libraries — Tue, 28 Feb 2006 00:57:00 GMT

PingBack from http://kernelmustard.com/2006/02/27/more-security-libraries/

re: List of useful security libraries

James — Tue, 28 Feb 2006 14:29:12 GMT

That SafeInt class template (not template class) has got to be the worst bit of C++ I've seen in a while. Didn't that guy read Effective C++ or myriad other things? There's got to be something unsafe about bypassing the short-circuit evaluation for logical operators. The author doesn't justify his suspect choices, so I'll assume he doesn't know what he's doing.

re: List of useful security libraries

David LeBlanc — Mon, 27 Mar 2006 21:33:39 GMT

BTW, Michael should have posted the link to the 2.0 version of the class, which is a fair bit cleaner, and is also posted on MSDN.

There is something unsafe about bypassing short-circuit evaluation for logical operators. But if you're going to pass a SafeInt to something that needs a bool, you're going to end up with this. It is one of the design trade-offs, and this one was considered very early on. The only time this will really bite you is in the case of:

if(func() && func2())

where is isn't valid to call func2 unless func has succeeded. That's not a typical usage scenario for SafeInt, hence the design decision.

There's several hundred lines of documentation and comments in the class - perhaps I missed that point.

Funny you should mention Meyers' books - they're among my favorites, and Scott wrote me to let me know he really liked this class. If you take a look in the comments, you'll see where I made changes based on his input.

Corrected URLs

David LeBlanc — Mon, 27 Mar 2006 23:30:27 GMT

The newer version of SafeInt (2.0), and the associated article is at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure05052005.asp, and a direct link to the code is http://msdn.microsoft.com/library/en-us/dncode/html/secure05052005_sample.txt

BTW, an easy work-around to ensure short circuiting works as you want is to write clean code like so:

Instead of:

if(SafeInt<int>(x) && SomeFunc())

write:

if(SafeInt<int>(x) != 0 && SomeFunc())

This is nicer, more readable code, and the != operator does return a bool, this the && operator then works exactly as you expect. Another work-around would be to do this:

if((bool)SafeInt<int>(x) && SomeFunc())

My personal opinion is that if you write code that depends on short-circuiting to work correctly without side-effects, you'll find that others will have a hard time maintaining your code.

YMMV.

Windows Vista Security – A Bigger Picture

Michael Howard's Web Log — Mon, 12 Jun 2006 17:44:17 GMT

A couple of people have asked about the relationship between /GS, SAL and ASLR in Windows Vista. Here’s...

Soci blog » Blog Archive » Az elm??lt h??t tanuls??gai

Soci blog » Blog Archive » Az elm??lt h??t tanuls??gai — Mon, 03 Jul 2006 17:07:01 GMT

PingBack from http://soci.hu/blog/index.php/2006/07/03/az-elmult-het-tanulsagai/

Librerie sicure per C e C++ « Satius est supervacua scire

Librerie sicure per C e C++ « Satius est supervacua scire — Wed, 02 Apr 2008 18:57:12 GMT

PingBack from http://manuel91.wordpress.com/2008/04/02/librerie-sicure-per-c-e-c/