Defensive Programming - Secure Programming

Defensive programming is sometimes referred to as secure programming by computer scientists who state that this approach minimizes bugs. Software bugs can potentially be used by a cracker for code injection, a denial-of-service attack or another attack.

A difference between defensive programming and normal practices is that few assumptions are made by the programmer, who attempts to handle all possible error states. In short, the programmer never assumes a particular function call or library will work as advertised, and so handles it in the code. An example follows:

    #include <string.h>

    int risky_programming(char *input){
      char str[1000+1]; // one more for the null character
      // ...
      strcpy(str, input); // copy input
      // ...
    }

The function will crash when the input is over 1000 characters, because strcpy keeps writing past the end of str. Some novice programmers may not feel that this is a problem, supposing that no user will enter such a long input. A programmer practicing defensive programming would not allow the bug, because if the application contains a known bug, Murphy's Law dictates that the bug will occur in use. This particular bug demonstrates a vulnerability which enables buffer overflow exploits. Here is a solution to this example:

    #include <string.h>

    int secure_programming(char *input){
      char str[1000+1]; // one more for the null character
      // ...
      strncpy(str, input, sizeof(str)); // copy input without exceeding the length of the destination
      str[sizeof(str) - 1] = '\0'; // if strlen(input) >= sizeof(str) then strncpy won't NUL terminate
      // ...
    }
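The strncpy fix above stops the overflow but silently truncates over-long input. The following added example (not code from the original page) goes one step further and rejects such input; the names BUF_SIZE, copy_checked, defensive_programming and strncpy_left_unterminated are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE (1000 + 1)   /* same capacity as the page's buffer */

/* Hypothetical helper: copy src into dst (capacity dstsize bytes).
 * Returns 0 on success, -1 on a bad argument or if src does not fit.
 * On failure dst holds an empty string, never an unterminated one. */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* Search for the terminator within the first dstsize bytes only. */
    const char *end = memchr(src, '\0', dstsize);
    if (end == NULL)
        return -1;            /* src needs more than dstsize bytes */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Same shape as the page's functions, but over-long input is an error. */
int defensive_programming(const char *input)
{
    char str[BUF_SIZE];
    if (copy_checked(str, sizeof(str), input) != 0)
        return -1;            /* reject instead of truncating silently */
    return (int)strlen(str);
}

/* Returns 1 if strncpy alone left an 8-byte buffer without a NUL. */
int strncpy_left_unterminated(const char *src)
{
    char dst[8];
    memset(dst, 'X', sizeof(dst));
    strncpy(dst, src, sizeof(dst));
    return memchr(dst, '\0', sizeof(dst)) == NULL;
}

int main(void)
{
    char big[BUF_SIZE + 1];   /* constructed input: 1001 characters */
    memset(big, 'a', BUF_SIZE); big[BUF_SIZE] = '\0';
    printf("1001 chars -> %d\n", defensive_programming(big));
    printf("strncpy unterminated: %d\n", strncpy_left_unterminated("12345678"));
    return 0;
}
```

Whether to reject or truncate is a design decision; the point is that the caller learns which one happened.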
