Security Coding Module Integer Error – “You Can’T Count That High”

Home , Integer overflow, Module (mathematics)

Security Coding Module Integer Error – “You Can’t Count That High” – CS1

Summary:

Integer values that are too large or too small may fall outside the allowable range for their data type, leading to undefined behavior that can both reduce the robustness of your code and lead to security vulnerabilities.

Description:

Declaring a variable as type int allocates a fixed amount of space in memory. Most languages include several integer types, including short, int, long, etc. , to allow for less or more storage. The amount of space allocated limits the range of values that can be stored. For example, a 32-bit int variable can hold values from -231 through 231-1.

Input or mathematical operations such as addition, subtraction, and multiplication may lead to values that are outside of this range. This results in an integer error or overflow, which causes undefined behavior and the resulting value will likely not be what the programmer intended. Integer overflow is a common cause of software errors and vulnerabilities.

Risk – How Can It Happen?

An integer error can lead to unexpected behavior or may be exploited to cause a program crash, corrupt data, or allow the execution of malicious software.

Example of Occurrence:

1. There is a Facebook group called “If this group reaches 4,294,967,296 it might cause an integer overflow.” This value is the largest number that can fit in a 32 bit unsigned integer. If the number of members of the group exceeded this number, it might cause an overflow. Whether it will cause an overflow or not depends upon how Facebook is implemented and which language is used – they might use data types that can hold larger numbers. In any case, the chances of an overflow seem remote, as roughly 2/3 of the people on earth would be required to reach the goal of more than 4 billion members. 2. On December 25, 2004, Comair airlines was forced to ground 1,100 flights after its flight crew scheduling software crashed. The software used a 16-bit integer (max 32,768) to store the number of crew changes. That number was exceeded due to bad weather that month which led to numerous crew reassignments. 3. Many Unix operating systems store time values in 32-bit signed (positive or negative) integers, counting the number of seconds since midnight on January 1, 1970. On Tuesday, January 19, 2038, this value will overflow, becoming a negative number. Although the impact of this problem in 2038 is not yet known, there are concerns that software that projects out to future dates – including tools for mortgage payment and retirement fund distribution – might face problems long before then. Source: Year 2038 Problem” http://en.wikipedia.org/wiki/Year_2038_problem

Code Responsibly– How Can I Avoid Integer Error?

1. Know your limits: Familiarize yourself with the ranges available for each data type. Since the size of C++ data types is compiler and machine dependent, it is a good idea to run the following program to show you the limits of each variable type.

1. Choose your data types carefully: Many programming languages include multiple data types for storing integer values. If you have any concerns about the integer values that you will be using, learn about the options available in the language you are using, and choose integer types that are large enough to hold the values you will be using. One useful strategy for reducing integer errors is to declare any variable that is used to represent the size of an object, including integer values used as sizes, indices, loop counters, and lengths, as size_t. The size_t type is the unsigned integer type. 2. Validate your input: Check input for ranges and reasonableness before conducting operations.(More on this in future modules.)

Laboratory Assignment

1. Type* the program under the ‘know your limits’ section above. Compile and run (You may see warnings about unused variables. Ignore these for now, they will be fixed later).

2. Examine the output. What is the largest possible integer value? What is the largest possible short integer? 3. Type* the lines below into the program.

cout << "Input an integer value " << endl; cin >> i; cout << "Enter a character value " << endl; cin >> ch; cout << "Enter a short value " << endl; cin >> sh; cout << "Enter an unsigned short value " << endl; cin >> us; cout << "Enter a long value " << endl; cin >> lon;

cout << endl << "You entered the following values: " << endl; cout << "integer: " << i << endl; cout << "character: " << ch << endl; cout << "short: " << sh << endl; cout << "unsigned short: " << us << endl; cout << "long: " << lon << endl;

Compile and run. Enter valid values at each prompt.

4. Run again with “invalid” values. For example, what is the smallest positive value for the short that leads to an error?

5. Add the following lines to the end of the program:

sh = sh *10; cout << "Ten times short value: sh = "<< sh << endl;

Enter the value 4000 for the short. Try 3277. Explain the output. What happens when an integer error occurs ?

6. Add the following lines to the end of the program:

cout << "INTEGER OVERFLOW: i = " << INT_MAX + 1 << endl;

Compile and run. Explain the output.

7. Print one of the programs you completed for your lab today that includes integers. Submit marked program and completed checklist.

*Copying and pasting programs may result in syntax errors and other inconsistencies. It is recommended you type each program.

Security Checklist Vulnerability: Integer Errors Course: CS1 Check each line of code Completed 1. Underline each occurrence of an integer variable. For each underlined variable: 2. Mark with a V any input operations that assign values to the variable. 3. Mark with a V any mathematical operations involving the variable. 4. Mark with a V any assignments made to the variable. Highlighted areas indicate vulnerabilities!

Discussion Questions

1. In your own words, describe an integer error. 2. How could an integer overflow error occur in your program? 3. What happens when an integer error occurs? 4. Why is multiplication particularly risky? 5. Overflow can also occur when the dividend is equal to the minimum (negative) value for the signed integer type and the divisor is equal to -1. Demonstrate this problem adding the following lines to the end of the above program.

cout << "INTEGER OVERFLOW: i = " << INT_MIN/-1 << endl;

Further Work (optional – check with your instructor if you need to answer the following questions)

1. For each of the following give the appropriate Java declaration: o Number of students at your college o Population of Baltimore 637,455 o Population of Maryland 5.6 million o the world population (6.6 billion) 2. Name three things you might do in your next program to prevent an integer error from occurring.