Slashdot Mirror

← Back to Stories (view on slashdot.org)

The 2015 Underhanded C Contest Has Begun

Posted by samzenpus on from the and-the-winner-is dept.

Xcott Craver writes: The 8th Underhanded C Contest is now underway. The goal of the Underhanded C Contest is to write C code that is as readable, clear, innocent and straightforward as possible, but which performs some malicious function that is not obvious from looking at the source code. This year's challenge is based on a real problem in joint development for nuclear treaty verification, and the prize is $1000.

3 of 52 comments (clear)

  1. Start with this Password Verification Function by mykepredko · · Score: 4, Interesting

    I'm trying to remember where I first saw this function (I think it's a pretty common example for security coding seminars):

    int passwordCompare(char* enteredPassword, char* validPassword) {
    int i;

            for (i = 0; (len(enteredPassword) > i) && (enteredPassword[i] == validPassword[i]; ++i) {
            }

            if (len(enteredPassword) == i) {
                    return -1; /* true */
            }
            else {
                    return 0; /* false */
            }
    }

    but, I would imagine that it would qualify as an example for the contest. I don't think it was originally designed to be malicious, but more of a coding error.

    I would expect most of the entries in the contest would be of this variety, something that a (new) coder has put in that works for basic test cases, but has a serious flaw...

    --
    Mimetics Inc. Twitter
    1. Re:Start with this Password Verification Function by alvinrod · · Score: 5, Interesting

      Go look at some of the winners from previous years. Some of the solutions are on such a diabolical level that they might take days or weeks to fully track down and understand and are so convoluted that no one could possibly think it was intentional.

      Last year's winner is a rather good example.

  2. C and C++ differ dramatically in complexity by Anonymous Coward · · Score: 5, Interesting

    Isn't all C++ underhanded?

    This contest concerns underhanded C, not C++. There would be little point in an underhanded C++ contest.

    C is a trivially simple language, with a very small syntax and a very narrow set of semantics. As a result, you have to work pretty hard to make ordinary C contain hidden functionality --- usually this requires abusing the C preprocessor, because the C grammar itself doesn't provide much room for hiding things.

    C++ is at the other end of the complexity scale, being the language with the largest syntax and the most extremely complex semantics of any programming language on the planet. It took that crown from Ada many decades ago, and it hasn't stopped growing since.

    Because of C++'s huge size in every respect, C++ programmers tend to develop their own preferred subsets of the language, and they stick with that subset throughout their lives. There's nothing wrong with that (indeed, it's probably the only way of working with C++), but it has the consequence that one person's clear C++ is another person's incomprehensible C++.

    That makes writing underhanded C++ a rather pointless exercise.