Questions tagged [c++]

The C++ programming language

C++ is a low-level programming language. It allows (but discourages) direct pointer manipulation, making it ripe for security vulnerabilities.

Use this tag for questions about security that are directly related to C++, such as security analysis of C code and exploiting badly-written C++ code. Do not use this tag just because you're writing a program in C++, only if C++ is directly relevant to the question. Questions about programming in C++ are off-topic here, but can be asked on Stack Overflow.

103 questions
2 votes, 1 answer

Is this malloc wrapper safe?

I am trying to stop integer overflow vulnerabilities by creating a simple wrapper around malloc(3) and related functions. The idea is that it returns a NULL pointer if the amount of required memory is too large for the size_t argument (or zero). …
matoro
2 votes, 1 answer

Is it trivial to protect from double free just by LD_PRELOADing a custom malloc/calloc and free?

Can't one just implement a malloc/calloc wrapper that adds the returned pointer address to a global hash table prior to returning, and then a free wrapper that checks for the presence of the pointer in the table prior to freeing (returning early if…
cyborg
2 votes, 1 answer

Is malware programmed in high-level language will be more detected than malware programmed in low-level language?

I would like to know if a simple malware designed to execute commands received by a C&C will have the same result rate if programmed in: lower-language like C++; high-language like Python (converted to executable with a Python converter…
Anonyme
2 votes, 1 answer

Is this schema between a Desktop App and an API secure?

From my previous question: How secure is this schema between a Desktop App (c++) and an API (php). Introduction I made a paid Desktop-app that required constant internet connection (because of its nature, not because of security or this schema).…
2 votes, 1 answer

Obfuscating "sensitive" strings in mobile client

We have a client that runs some native (C++) code on both Android and iOS, to mitigate MITM attacks we use certificate pinning. This means that the binary includes some strings (const char * const bla = "XXXXXXXXXX") that identify the allowed certs…
2 votes, 3 answers

Why is this not a buffer overflow?

I'm actually busy with learning more about buffer overflows. I read some interesting tutorials and just got the basic idea behind it. I tried to produce a vulnerable c++ file to test my knowledge against it, but it seems like I missed some of the…
J. Doe
2 votes, 0 answers

How to obfuscate C++ code with movfuscator?

I want to obfuscate a C++ application using movfuscator, but movfuscator currently uses C as the source language and not C++. I tried to do the following (as they recommended, but with no success): # Compile c++ to llvm bytecode clang++ -S…
Lucian Nitescu
2 votes, 1 answer

Can I get functions addresses from CaptureStackBackTrace?

I'm trying to hook some functions in a static linked executable and I have to get a pattern for the function in almost every new version of the program as the function is quite big so the compiler changes many of the bytes for every little change. I…
dev65
2 votes, 1 answer

How to generate CSR(Certificate Signing Request) using C++ and openssl

I am new to openssl. I am trying to implement the program to generate CSR using openssl and c++. I need to implement the following commands using C++. openssl req -new -newkey rsa:1024 -nodes -keyout key.pem -out x509Req.pem. I have tried a sample…
Kumar
2 votes, 4 answers

Writing file shredder

I want to write a simple file shredder in c++, i.e. a program that deletes a file so that it is not recoverable. Would the following be a secure and correct way to do that? (1) Open the file with ofstream myfile; myfile.open ("deleteme.txt",…
Thomas
2 votes, 1 answer

How to implement ECDHE-RSA-AES256-GCM-SHA-2 communication in OpenSSL?

Full question How do you implement client and server based solution-pair to secure network communication for simple C++-based desktop (non-browser) programs utilising the ECDHE-RSA-AES256-GCM-SHA-2 cipher-suite using OpenSSL? Pre-text I am a novice…
Infogeek
2 votes, 1 answer

Practical security for an inexperienced database developer? (HIPAA)

Hopefully my question isn't too unique to be asked here, but I didn't find anything similar after some searching. As a relatively inexperienced developer (only one large project excluding this one under my belt) how can I best secure data at rest in…
Austin
2 votes, 1 answer

Testing Poodle TLS vulnerability with OpenSSL in C++

I'm writing a command-line tool for SSL/TLS vulnerability testing and so far I was able to implement testing for all vulnerabilities that I need, except Poodle TLS. Is there any way I could utilize OpenSSL library to make a quick and reliable test…
1 vote, 0 answers

Connect to a wifi through code

Is there any way a person could write a software using for example C++ to connect to a wifi completely by using code?
John Smith
1 vote, 1 answer

How to encrypt or store data so that only a pool of processes can share it on Windows?

I am writing an application T1 which is using SQLite database to store some sensitive data and I am trying to encrypt it securely. The issue I am facing is that I don't want my symmetric key to be stored in memory as in that case any other process…
seaborg