Skip to content
Tech News
← Back to articles

The Underhanded C Contest

read original more articles
Why This Matters

The 2015 Underhanded C Contest highlights critical security vulnerabilities in software development, especially in sensitive fields like nuclear verification. By showcasing how subtle coding tricks like NaN poisoning can compromise systems, it emphasizes the importance of rigorous secure coding practices for protecting national and global security. This contest serves as a reminder for developers and organizations to prioritize security and correctness in their software design.

Key Takeaways

We have judged all submissions, and are pleased to announce the runners up and winner of the 2015 Underhanded C Contest. This year we had over 40 submissions, and they were all of high quality. As a result, our list of runners up is pretty long. I will provide anchor links below if you want to skip ahead

This year's challenge (detailed below) is a real-world problem in nuclear verification, sponsored by and designed in partnership with the Nuclear Threat Initiative (http://www.nti.org/), a nonprofit, nonpartisan organization working to reduce the threat of nuclear, chemical and biological weapons. We hope that this emphasizes the need for care and rigor, not to mention new research, in secure software development for such applications.

Finally, we are going to run a live Reddit AMA ("Ask Me Anything," for those of you who, like me, still use a tape recorder and a Commodore PET CBM) next Tuesday, February 9th, at 1:00pm. We'll post more specifics later, but if you have questions about Underhanded C, the contest or the problem, this will be a great opportunity to ask.

An overview of NaN poisoning attacks

Many of the submissions (about a third of them!) used the same trick, one that every programmer should be aware of. A floating-point variable can be set to NaN ("not a number") as a result of certain computations with undefined results -- for example, computing sqrt(-1.0) or 0/0. NaN values have the following properties:

A computation involving a NaN input will often have a NaN result;

A comparison with a NaN will evaluate to false.

That second fact is a syntactic limitation of many programming languages: only some datatypes can hold an undefined value. Mathematically speaking, if x is undefined, then we should expect

y = ((int) x) or y = (x >= 5)

to be undefined as well; but integer and logical variables can't be undefined, and those expressions have to evaluate to something.

... continue reading