Security Code Review

From reSIProcate
Revision as of 09:16, 10 December 2006 by Jmatthewsr (talk | contribs)
Jump to navigation Jump to search

Introduction

This document is intended to outline procedures for reviewing the resiprocate code base for security related bugs.

Tasks

  • NULL raw, smart pointers checks
  • check for null, change to smart pointer if possible
  • STL iterators
  • example: front(), container must not be empty to call front
  • buffer overruns
  • C string & memory routines (strcpy,etc, implement microsoft *_s functions for windows?)
  • run code analysis tools
  • turn on/fix compiler warnings
  • g++ -Wall, Level 3(or 4) warnings in Visual C++

References