0

I was in an interview a few days ago and i got the following demand:

write a library function to find the MIN element of an array. MAKE IT AS SECURE AS POSSIBLE. alright, so it was obvious that the accent there was on the security. The language is C, the company is in the embedded field. I later asked the interviewer if they can at least explain to me what is the case here because I was truly curious to learn, but he wasn't very talkative... So, I turned google upside down, but I did not find specifically a solution to this request. I am fairly new to C. What are the security flaws that can occur here? What are the red flags? I know that we should watch for array boundaries because overflowing it will cause memory issues and we could easily write/read from random memory. But aside of that, what should i look for? Any feedback would be extremely useful! Thanks a bunch!

Krasimir Yordanov
  • 23
  • 6
  • Its not exactly *security*, but I'd consider thread safety: What happens if the function is called simultaneously from multiple threads? If one thread attempts to alter the array while another thread is searching for the MIN element? Do you have mutexs and locking in place? – abelenky Apr 25 '20 at 21:44
  • "secure" and "array" are mutually exclusive in C. So my guess is this was a discussion question, not a coding question. – user3386109 Apr 25 '20 at 22:29

3 Answers3

2

There are really only two ways to search an array in C. Either you are explicitly told how many elements exist in the array, or there is some sort of value that you can check for to indicate end-of-array (like '\0' for strings).

If the first case is being used then and we have an array of ints, for example, then this:

int minInt(int array[],size_t num_elements){
  if(array==NULL || num_elements==0)
    return -1;
  size_t i;
  int min = array[0];
  for(i = 1; i < num_elements; ++i)
    if(array[i] < min)
      min = array[i];
  return min;
}

Is a good solution. If we're using the second case, and we have an array chars in the form of a C string, for example, and '\0' represents end-of-array, then perhaps this:

char minChar(char array[]){
  if(array == NULL)
    return -1;
  size_t i;
  char min = array[0];
  for(i = 0; array[i] != '\0'; ++i)
    if(array[i] < min)
      min = array[i];
  return min;
}

...would be a good response. It depends a lot on the specifics of the system, and the second case is only safe if you can be certain that the stop value is not missing.

Willis Hershey
  • 1,520
  • 4
  • 22
0

There are two aspects to take into account:

  • Memory Management
  • Concurrency

Memory Management

As you mentioned you are using C, which is a low-level language, functions can easily mess-up and access wrong memory locations, specially when there are many pointers passing around. So it is always good to make sure what are the boundaries of the array you are accessing, and enforce some rules to avoid passing them.

Some security attacks may happen when the attacker alters the parameters so that the function may return data from memory location outside the array! repeat the process multiple times with different altered parameters and the data in the memory is leaked!

Concurrency

This only applies when you know there are multiple threads are running on the same program, then you might want to have a critical section that locks the array your function is using it.

I believe most of the functions you will find online do the job securely, perhaps your interviewer just wanted you to discuss with him the threats and attacks that might take place, and how are you aware about them.

Ahmed Hammad
  • 2,798
  • 4
  • 18
  • 35
0

Security is most valuable feature we need to cover in our code, and in order to rich this level most of the time we need to pick a secure environment like Java, but in some case (especially in the embedded field) we need to handle the security manner manually. in the low level programming (the c-programming) there are two most common security issue: Buffer overflow, and double free attack. The buffer overflow is when the user try to enter an amount of data out of supported range (briefly) so to avoid this malicious security you need to cover as much as possible the edge case and prevent as creative the most "weird" scenario :).

char the_array[100];

taking the previous declaration the_array is work fine until the user/function decide to enter more then 100 character then you will be lucky if you avoid program crashing. so handling as much as possible edge case and be creative of reading real life scenario you can avoid this issues and there are a lot of techniques helps you. The double free attack: this is the case when accidentally frees a pointer two times when you have re-initialize the pointer with a new memory address.

char *ptr;
ptr = malloc(10 * sizeof(*ptr));
/* Doing stuff */
free(ptr);

This is a sample dynamic allocation for pointer, in order to escape double free attack you need to set the ptr to null. 

free(ptr);
ptr = NULL;

assuming you have a great knowledge about the C-programming, you need to avoid as much as possible the double free and nullify the pointer after each use. and there is a great tool helping debugging memory in C, try to use Valgrind in each run or test of you program it helps to track memory leak, double free, uninitialized variable ...

Sebri Issam
  • 46
  • 1
  • 4