lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAFf+5zi44QwoqZE196KkT9sQ2p+RybxQuzm1-9Mxn_sUK+Csdw@mail.gmail.com>
Date: Thu, 19 Jun 2025 11:47:30 +0530
From: Amit <amitchoudhary0523@...il.com>
To: linux-kernel@...r.kernel.org
Subject: My coding guidelines for C programs.

My coding guidelines for C programs.

--------------------------------------------------
My coding guidelines for C programs.
--------------------------------------------------

* Check all arguments of a function, even if the function is called from a
  trusted function. All arguments should have a MIN and a MAX value and the
  argument's value should be greater than or equal to (>=) the MIN value and
  less than or equal to (<=) the MAX value. If the argument's value is not
  within this range then no further processing should be done and an error
  should be returned.

  Checking arguments validity is very very important because, in my opinion,
  not doing this is the source of most of the security vulnerabilities. Even
  switches/routers/security software/software of security appliances, etc.
  should check the validity of function arguments. In fact, all software written
  in this world should check for the validity of function arguments.

* Always check the return values of the functions that you call before
  proceeding ahead.

* Always check whether the pointers are NULL or not before using them.

* Always use calloc() to allocate memory instead of malloc(). This is because
  calloc() sets all bytes of the allocated memory to a value of zero (0) and
  this may help in reducing/catching some bugs.

* Make the pointer variable NULL after freeing it.
  Example: free(var); var = NULL;

* Don't use unbounded C functions like - strcpy(), strlen(), strcat(), gets(),
  etc., but instead always use bounded C functions like - strncpy(), strnlen(),
  strncat(), fgets(), etc.

* Don't use unsigned data types unless you are totally sure because conversion
  between signed and unsigned data types may lead to bugs and security issues.
  Also, using unsigned data type in a loop's exit condition may result in bugs
  and infinite loops.

* Don't typecast between data types of different lengths unless you are
  absolutely sure. This is because the values may change if you typecast from a
  longer data type to a shorter data type. For example, let's say that you have
  a 'long' variable 'l' that has a value of 8589934591 (0x1FFFFFFFF) and now if
  you typecast it to an 'int' variable 'i', then the value of 'i' will become
  -1 (0xFFFFFFFF). When you typecast from a shorter data type to a longer data
  type and if the shorter data type is negative then signed extension will
  happen in the longer data type and you may not be expecting that.

* Don't typecast between data types of same length also unless you are
  absolutely sure.

* Don't use global variables unless really really necessary. If you need to use
  a variable in multiple functions, then you can pass around that variable as a
  function argument instead of making it global. Even then if you think that you
  need a global variable then consider making it static so that it is not
  visible outside of the file.

* Initialize all variables (global/local/static) to proper values. In C, all
  global/static variables are initialized to 0, but even if your proper value is
  0, even then you should initialize explicitly to make code more readable.

*. Don't expose all functions to the user. Expose only those functions that the
   user will actually need, rest of the functions should be static. And also,
   the user may not need to look at the static functions so put all the static
   functions at the bottom of the source file.

* Don't hard-code any value in the program. Make it a #define. This is because
  if you hard-code the same value at multiple places then changing all of them
  will be a bit tedious and it is possible that you may miss out changing it at
  some places. If it is a #define, then you need to change it at one place only.

* Compile all your C programs using the following gcc flags: -Wall -Werror
  -Wextra -Wundef -Wunreachable-code -Winit-self -Wparentheses -Wconversion
  -Wsign-conversion -Wsign-compare -Werror-implicit-function-declaration
  -Wmissing-prototypes -Wmissing-declarations -Wformat-security

* Don't hard-code passwords or any other credentials in your program.

* Don't use 'long' unless absolutely necessary (like when dealing with files).
  Always use 'int'.

* Don't use recursive functions, unless absolutely necessary, because recursive
  functions can lead to stack overflow.

* Don't use shorthands so that the code is more readable. Some examples are
  given below:

        ** Instead of using "if (!ptr)", you should use "if (ptr == NULL)".
        ** Instead of using "if (!*char_ptr)", you should use
           "if (char_ptr[0] == '\0')".
        ** Instead of using "char_ptr[i] = 0", you should use
           "char_ptr[i] = '\0'".

* Always put opening and closing braces for 'for loop', 'while loop', 'if
  statement', 'else statement', 'else if statement', etc. even if the contained
  line of code within the braces is only one line. This is for protecting
  against accidental mistakes (like adding another line of code in a 'for loop'
  that has no braces and then forgetting to put the enclosing braces). Also,
  this practice makes code more readable.

--------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ