Fixing vulnerabilities in completed software and systems is all good and well, but with Checked C, an extension for the C programming language, Microsoft researchers want to prevent common programming errors that can lead to several types of frequently occurring vulnerabilities.
The C and the C++ programming languages (the latter is derived from the former) are a popular choice for the development of system software. They allow programmers to use pointers – addresses of a location in memory – directly, and this allows programmers to write concise and efficient programs. But, there’s a problem.
“Because pointers and array indices are not bounds checked in C, a programming error involving them may corrupt memory locations used by the program. The memory locations may hold data that is important to the computations being done by the program or data that is essential to the control-flow of the program, such as return address locations and function pointers. Memory corruption can lead to a program producing incorrect results or, in the hands of a malicious adversary, the complete malfunctioning of the program and the takeover of a running process by the adversary,” Microsoft researcher David Tarditi explained in a technical report.
Checked C will provide new pointer types and array types that are bounds-checked, and thus should prevent occurrences like buffer overruns, out-of-bounds memory accesses, and incorrect type casts.
At the same time, Microsoft wants the extension to be backwards-compatible, and wants to preserve the efficiency and control of C.
“In Checked C, the programmer controls the placement of information needed for bounds-checking and how the information flows through the program, so the programmer retains precise control over what a program is doing,” the researchers noted.
“The Checked C extension will let programmers add checking to their programs to detect these kinds of errors when a program runs or while it is being written. Existing system software can be modified incrementally in a backwards-compatible fashion to have this checking.”
The extension is still a work in progress, and contributions are welcome – whether they are just feedback, or proposals for new functionalities, code, etc.