The underhanded C Contest is an annual contest where developers are asked to write code which is clear, readable and as straight forward as possible while doing something evil in a very subtle manner. The goal behind the contest is to make people aware that even code that looks completely benign can be doing something bad either intentionally or accidentally. The contest has been around for 7 years and the solutions people have come up with are amazing. This years winner was Karen Pease and trying to understand their code made my head hurt.
Here’s an extract from the site that explains how Karen gamed the system:
- We get the cur_time = localtime() and we want to check if
 cur_time->tm_year is a leap year
- We call __isleap( cur_year = AUDIT(cur_time->tm_year) )
- this expands into a line of code from nested macros
- The first thing that happens is a call to check_clock_skew() that calls localtime() on a teensy time interval, overwriting our time structure
- cur_time->tm_year is now 0, which satisfies all three clauses in the __isleap() macro,
- Causing AUDIT() code to be evaluated thrice
- Ow my head, and
- The year (or rather, the number 0) is written to the audit record three times. This overfills the audit buffer.
…
- Thus the final AUDIT call zeroes out a user’s created time, if the user was surveilled.
Looking at this code, it explains how difficult it is to prevent a skilled programmer from adding backdoors or Easter eggs in software and why code reviews are so important.
– Suramya