Adding buffer overflow detection to string functions

This article describes the steps required to add buffer overflow protection to string functions. As a real-world example, we use the strlcpy function, which is implemented in the libbsd library on some GNU/Linux systems.

This kind of buffer overflow protection uses a GNU Compiler Collection (GCC) feature for array size tracking (“source fortification”), accessed through the __builtin_object_size GCC built-in function. In general, these checks are added in a size-checking wrapper function around the original (wrapped) function, which is strlcpy in our example.


Coala, setting it up and auto patching

Coala is a free and open-source, language-independent analysis toolkit written in Python. Its primary goal is to make it easier for developers to define the rules a project's code should conform to, and to check that code against those rules. It supports more than 40 programming languages and is well suited to people who want their code to look good and follow good coding practices. It is developed at https://github.com/coala/coala


October 2016 ISO C Meeting Report

Trip Report: October 2016 WG14 Meeting

In October 2016, I attended the WG14 (C language committee) meeting in Pittsburgh, Pennsylvania. The meeting was hosted by the Computer Emergency Response Team (CERT) at the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU). We had 25 representatives from 18 organizations in attendance, including CERT, Cisco, IBM, INRIA, Intel, LDRA, Oracle, Perennial, Plum Hall, Siemens, and the University of Cambridge. It was a productive four days spent on two major areas:

  • Work on C11 defect reports aimed at the upcoming C11 Technical Corrigendum (TC) expected to be finalized in 2017. This will be the last revision of C11 to be published. The next revision of C will be a “major” version that is for the time being referred to as C2X.
  • Review of proposals for the next revision of C, C2X. To meet the TC 2017 schedule some C11 defects will have to be deferred to C2X. The C2X charter is in N2086.

Below is a list of some of the interesting C2X proposals the group discussed.


Microservices: Zero Downtime Deployment; Hot reconfiguration on OpenShift

2017: time for a new resolution, and the most important resolution for this year should be to adopt microservices, so that you spend less effort on development and improve your time to market (TTM). Nowadays there are plenty of tools and frameworks at the disposal of the discerning developer for rapidly building microservices; Spring Boot and Vert.x are two examples.


Mobile Apps Load Testing

Mobile app development does not stop when you build your app and have a binary ready to be installed on the device. Regardless of how good your code is or how much unit and regression testing you have performed, there are elements that need to be tested under different circumstances, for example data traffic, the number of users, location, and high latency in the mobile network.


Red Hat JBoss Data Virtualization on OpenShift: Part 4 – Bringing data from outside to inside the PaaS

Welcome to part 4 of Red Hat JBoss Data Virtualization (JDV) running on OpenShift.

JDV is a lean, virtual data integration solution that unlocks trapped data and delivers it as easily consumable, unified, and actionable information. JDV makes data spread across physically diverse systems such as multiple databases, XML files, and Hadoop systems appear as a set of tables in a local database.


Container Images Compliance – what we built at ManageIQ to remove a security pain point – part 2

Part 2 of 2

In part one of this blog post, we described a pain point in container-based environments. We introduced SCAP as a means of measuring compliance in computer systems and ManageIQ as a means of automating cloud- and container-based workflows.


End To End Encryption With OpenShift Part 1: Two-Way SSL

This is the first part of a two-part article. Part 2 (End To End Encryption With OpenShift Part 2: Re-encryption) will be authored by Matyas Danter, Sr Consultant with Red Hat, and will be published soon.

This article demonstrates use cases for OpenShift routes that achieve end-to-end encryption. This is a desirable, and sometimes mandated, configuration for the many verticals that deal with strict regulations.
