# Lecture 04: C Software Security

C is an important language for several reasons:

- very efficient
- several other languages use C components
- lots of legacy infrastructure is written in C

Comparing languages:

- **C**: compiled to machine code, typed but weakly enforced, low-level memory access, the programmer manages memory
  - not memory safe: responsibility for securing memory falls to the developer
- **Python/Perl/PHP**: dynamically and strongly typed, interpreted, automatic memory management
- **Java/C#**: type safe and strongly typed, automatic memory management, implicit memory access
  - Java: compiles to bytecode run by the JVM; initially interpreted, then just-in-time compiled
  - C#: mix of ahead-of-time and just-in-time compilation

## Common Vulnerabilities

### Spatial Violations

**Buffer overflows**: data is written outside a buffer's boundary (after the buffer)

- commonly result from insufficient input checks, unchecked buffer sizes, and integer overflows
- can happen through common functions such as strcpy(), strcat(), memcpy(), memset(), and memmove()
- may also happen through input functions such as read(), fread(), gets(), fgets(), etc.

**Buffer underflows**: data is written before the start of a buffer, the opposite direction of an overflow. Less common

Off-by-one variation: a write that lands exactly one byte outside the buffer's boundary

Effects of over/underflows:

- crash the app (DoS)
- take over the app
  - if remote: remote code execution
  - else: arbitrary code execution
- corrupt app state
- leak sensitive data
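
To make the checks concrete, here is an added example written for these notes (not code from the lecture) of the bounded-copy discipline that closes the overflow and off-by-one cases above, plus a checked multiplication for the integer-overflow route into the same bug. `NAME_MAX`, `set_name` and `checked_mul` are names invented for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX 16   /* constructed: capacity of the destination buffer, in bytes */

/*
 * The unsafe pattern from the list above, shown only in this comment and never
 * called here:
 *     char name[NAME_MAX];
 *     strcpy(name, input);
 * strcpy() stops only at the source's NUL, so any input of NAME_MAX bytes or
 * longer writes past the end of `name`.
 */

/*
 * Bounded copy. Returns 0 on success and -1 when `src` does not fit.
 * The test is `>=`, not `>`: a buffer of NAME_MAX bytes holds at most
 * NAME_MAX - 1 characters plus the terminating '\0'. Writing `>` here would be
 * exactly the off-by-one variation described above.
 */
int set_name(char dst[NAME_MAX], const char *src)
{
    size_t n = 0;
    while (n < NAME_MAX && src[n] != '\0') {   /* never scan beyond dst's capacity */
        n++;
    }
    if (n >= NAME_MAX) {                       /* NAME_MAX chars leave no room for '\0' */
        return -1;
    }
    memcpy(dst, src, n + 1);                   /* n characters plus the NUL */
    return 0;
}

/*
 * The integer-overflow route to the same bug: `count * size` can wrap around
 * to a small number, so a later malloc() is too small for the copy that
 * follows. Returns 0 and the product in *out, or -1 if the product would wrap.
 */
int checked_mul(size_t count, size_t size, size_t *out)
{
    if (size != 0 && count > SIZE_MAX / size) {
        return -1;
    }
    *out = count * size;
    return 0;
}
```

Neither check is something the compiler enforces for you: `-Wall` is silent about `strcpy()` into a fixed array. Run-time instrumentation such as `-fstack-protector` (GCC/Clang) or AddressSanitizer (`-fsanitize=address`) will catch the out-of-bounds write when it happens, which is useful in testing but is not a substitute for the length check.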

### Format String Bugs

Exploit formatted output functions such as printf(), sprintf(), snprintf(), etc.

- printf() is a variadic function, meaning that it accepts a variable number of arguments; the format string tells it how many arguments to read and of what type
- the problem arises when attacker-controlled input is evaluated as the format string
- the same effects as overflows are possible: arbitrary memory can be read or written
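
The defensive rule is simple: the format string is a compile-time constant and untrusted text only ever travels as an argument. The added example below (written for these notes, not lecture code) shows the safe form of a logging helper; `log_line` and `log_line_fits` are invented names.

```c
#include <stdio.h>
#include <string.h>

/*
 * Unsafe pattern, shown only in this comment and never called here:
 *     void log_unsafe(const char *msg) { printf(msg); }
 * The untrusted string becomes the format string, so every '%' in it is
 * treated as a conversion directive and printf() reads arguments that were
 * never passed.
 */

/*
 * Safe pattern: the format is a constant and the untrusted text is supplied
 * as a %s argument, so a '%' inside `msg` is just a character.
 * Writes at most `cap` bytes (including the NUL) into `out` and returns the
 * length the complete line would have, so the caller can detect truncation.
 */
int log_line(char *out, size_t cap, const char *tag, const char *msg)
{
    return snprintf(out, cap, "[%s] %s", tag, msg);
}

/* Convenience wrapper: 1 if the whole line fit into `out`, 0 if it was truncated. */
int log_line_fits(char *out, size_t cap, const char *tag, const char *msg)
{
    int needed = log_line(out, cap, tag, msg);
    return needed >= 0 && (size_t)needed < cap;
}
```

GCC and Clang flag the unsafe form at compile time with `-Wformat -Wformat-security` (a non-literal format string passed with no further arguments); treating that warning as an error is a cheap way to keep the pattern out of a code base.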

### Uninitialized Memory

Using a variable before initializing it with a value

Resulting vulnerabilities:

- an uninitialized variable can contain stale values left behind by earlier program activity
- that stale value may have been placed there by the attacker
- a much larger issue if the stale value is used as a pointer
  - function pointers especially are critical

### Null Pointer Dereferences

Happens when a null pointer (address 0) is dereferenced

Could occur when a variable is uninitialized or when a previously cleared variable is used

Possible outcomes depend on what is at address 0:

- usually nothing is allocated/mapped there: the app crashes
- otherwise: memory corruption
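
The two sections above share one remedy: give every field a defined value when the object is created, and check pointers before following them. The added example below (written for these notes, not lecture code) applies both to a small connection object whose most dangerous field is a function pointer; `struct conn`, `conn_init` and `conn_dispatch` are invented names.

```c
#include <stddef.h>

typedef int (*handler_fn)(int);

/* constructed example object; the function pointer is the field whose stale
 * contents would be most dangerous */
struct conn {
    int        id;
    handler_fn on_data;
};

static int default_handler(int x)
{
    return x * 2;
}

/*
 * Uninitialized pattern, shown only in this comment and never run here:
 *     struct conn c;
 *     c.id = 1;            on_data is never assigned
 *     c.on_data(5);        calls whatever stale bytes happen to be on the stack
 */

/* Every field receives a defined value; nothing keeps stale stack contents. */
void conn_init(struct conn *c, int id)
{
    *c = (struct conn){0};     /* zero every field, including the pointer */
    c->id = id;
    c->on_data = default_handler;
}

/* A NULL function pointer (address 0) is reported, not dereferenced. */
int conn_dispatch(const struct conn *c, int value)
{
    if (c == NULL || c->on_data == NULL) {
        return -1;
    }
    return c->on_data(value);
}
```

The compound-literal assignment `*c = (struct conn){0};` is standard C99 and zeroes every member, including any padding-adjacent pointer fields that a field-by-field initializer might miss when the struct later grows. Compilers report some uninitialized uses with `-Wuninitialized`, but not those that cross function boundaries, which is why the explicit init routine matters.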

### Use-After-Free (UAF)

Temporal violation that occurs when memory is read or written through a pointer whose buffer has already been freed and so no longer points to a valid object

- such pointers are called dangling pointers
- serious, and hard both to discover and to defend against:
  - harder still in the presence of threading and concurrency
  - severity depends on the type of object the dangling pointer pointed to
  - as severe as any other memory corruption error
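
A minimal ownership discipline that prevents the dangling pointer in the first place: free and null the pointer in one step, and make every accessor refuse a released object. The added example below (written for these notes, not lecture code) does this for a heap-owning `struct message`; `message_set`, `message_release` and `message_first_byte` are invented names.

```c
#include <stdlib.h>
#include <string.h>

/* constructed: a heap-owning object, the usual site of use-after-free bugs */
struct message {
    char  *body;    /* heap buffer, or NULL once released */
    size_t len;
};

/* Replace the body with a copy of `text`. Returns 0, or -1 if malloc fails. */
int message_set(struct message *m, const char *text)
{
    size_t len = strlen(text);
    char *copy = malloc(len + 1);
    if (copy == NULL) {
        return -1;
    }
    memcpy(copy, text, len + 1);
    free(m->body);           /* drop the previous body, if any (free(NULL) is a no-op) */
    m->body = copy;
    m->len = len;
    return 0;
}

/*
 * Dangling pattern, shown only in this comment:
 *     free(m->body);        m->body still holds the old address
 *     m->body[0];           use-after-free: the block may already be reused
 * Freeing and nulling the pointer in the same step closes that window for
 * this one owner, and makes a second release a harmless free(NULL).
 */
void message_release(struct message *m)
{
    free(m->body);
    m->body = NULL;
    m->len = 0;
}

/* Accessors refuse a released message instead of reading freed memory. */
int message_first_byte(const struct message *m)
{
    if (m->body == NULL || m->len == 0) {
        return -1;
    }
    return (unsigned char)m->body[0];
}
```

The caveat matches the bullet on difficulty above: nulling `m->body` only protects this owner. Any other copy of the same address (a second struct, a cached pointer, another thread) still dangles, so the real defence is a clear single-owner rule for every heap object. AddressSanitizer (`-fsanitize=address`) reports heap-use-after-free at run time and is the quickest way to find the cases the discipline missed.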

### Type Confusion

An object is accessed through a pointer of the wrong type

The type of the pointer used in a cast determines how the memory is interpreted, and therefore which function gets called:

- pointers disguised as ordinary data are especially problematic
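
The standard C defence is a type tag in a common header and a checked downcast that refuses to reinterpret memory of the wrong kind. The added example below (written for these notes, not lecture code) shows this for two shape types; `struct shape`, `as_circle`, `as_rect` and `shape_area` are invented names.

```c
#include <stddef.h>

enum kind { K_CIRCLE = 1, K_RECT = 2 };

struct shape  { enum kind kind; };                 /* common header: the type tag */
struct circle { struct shape base; double r; };
struct rect   { struct shape base; double w, h; };

static const double PI = 3.14159265358979323846;

/*
 * Confused pattern, shown only in this comment:
 *     ((const struct circle *)s)->r     with s really pointing at a struct rect
 * reads the rect's `w` field as a radius; with a function pointer in the
 * payload instead of a double, the wrong function would be called.
 */

/* Checked downcasts: NULL when the object is not really of that type. */
const struct circle *as_circle(const struct shape *s)
{
    return (s != NULL && s->kind == K_CIRCLE) ? (const struct circle *)s : NULL;
}

const struct rect *as_rect(const struct shape *s)
{
    return (s != NULL && s->kind == K_RECT) ? (const struct rect *)s : NULL;
}

/* Dispatch on the tag; an unknown tag is an error, never a guess. */
double shape_area(const struct shape *s)
{
    const struct circle *c = as_circle(s);
    const struct rect *r;
    if (c != NULL) {
        return PI * c->r * c->r;
    }
    r = as_rect(s);
    if (r != NULL) {
        return r->w * r->h;
    }
    return -1.0;
}
```

The cast itself is still unchecked by the language; what makes it safe is that the only way to obtain a `struct circle *` is through `as_circle`, so the tag is verified every time. Keeping the cast inside one accessor also gives a single place to audit.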

**Segmentation fault**: raised when an attempt is made to access memory that either:

- doesn't exist (is not mapped into the process)
- requires a higher level of permission than the process has
