SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 200

changes.mady.by.user Unknown User (lflynn)

Saved on

compared with

New Version 201

changes.mady.by.user Arthur Hicken

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: update parasoft

...

Copying string data to a buffer that is too small to hold that data results in a buffer overflow. Attackers can exploit this condition to execute arbitrary code with the permissions of the vulnerable process.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

STR31-C

High

Likely

Medium

P18

L1

Automated Detection

Array access out of bounds, Buffer overflow from incorrect string format specifier, Destination buffer overflow in string manipulation, Invalid use of standard library string routine, Missing null in string array, Pointer access out of bounds, Tainted NULL or non-null-terminated string, Use of dangerous standard function 

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
 

Supported, but no explicit checker
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.MEM.BO
LANG.MEM.TO
MISC.MEM.NTERM
BADFUNC.BO.*

Buffer overrun
Type overrun
No space for null terminator
A collection of warning classes that report uses of library functions prone to internal buffer overflows

Compass/ROSE

 

 



Can detect violations of the rule. However, it is unable to handle cases involving strcpy_s() or manual string copies such as the one in the first example

Coverity
Include Page
Coverity_V
Coverity_V

STRING_OVERFLOW

BUFFER_SIZE

OVERRUN

STRING_SIZE

Fully implemented

Fortify SCA

5.0

 

 



Klocwork

Include Page
Klocwork_V
Klocwork_V

NNTS.MIGHT
NNTS.MUST
SV.STRBO.BOUND_COPY.OVERFLOW
SV.STRBO.BOUND_COPY.UNTERM
SV.STRBO.BOUND_SPRINTF
SV.STRBO.UNBOUND_COPY
SV.STRBO.UNBOUND_SPRINTF

 


LDRA tool suite

Include Page
LDRA_V
LDRA_V

489 S, 109 D, 66 X, 70 X, 71 X

Partially implemented

Parasoft C/C++test
9

10.

5

3

BD-PB-OVERFWR,SECURITY-12
 

Polyspace Bug FinderR2016a
 

Guarantee that storage for strings has sufficient space for character data and null terminator

Splint

Include Page
Splint_V
Splint_V

 

 



PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v
2845, 2846, 2847, 2848, 2849, 5009Partially implemented
 PRQA QA-C++4.2 0145, 2845, 2846, 2847, 2848, 2849, 2840, 2841, 2842, 2843, 2844, 2930, 2831, 2831, 2832, 2833, 2934 
 

Related Vulnerabilities

CVE-2009-1252 results from a violation of this rule. The Network Time Protocol daemon (NTPd), before versions 4.2.4p7 and 4.2.5p74, contained calls to sprintf that allow an attacker to execute arbitrary code by overflowing a character array [xorl 2009].

...

Key here (explains table format and definitions)

Taxonomy

Taxonomy item

Relationship

CERT C Secure Coding StandardSTR03-C. Do not inadvertently truncate a stringPrior to 2018-01-12: CERT: Unspecified Relationship
CERT C Secure Coding StandardSTR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code
MSC24-C. Do not use deprecated or obsolescent functions
MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
FIO34-C. Distinguish between characters read from a file and EOF or WEOF		Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TR 24772:2013String Termination [CJM]Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TR 24772:2013Buffer Boundary Violation (Buffer Overflow) [HCB]Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TR 24772:2013Unchecked Array Copying [XYW]Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961:2013Using a tainted value to write to an object using a formatted input or output function [taintformatio]Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961:2013Tainted strings are passed to a string copying function [taintstrcpy]Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer2017-05-18: CERT: Rule subset of CWE
CWE 2.11CWE-120, Buffer Copy without Checking Size of Input ("Classic Buffer Overflow")2017-05-15: CERT: Exact
CWE 2.11CWE-123, Write-what-where Condition2017-06-12: CERT: Partial overlap
CWE 2.11CWE-125, Out-of-bounds Read2017-05-18: CERT: Partial overlap
CWE 2.11CWE-6762017-05-18: CERT: Partial overlap

CERT-CWE Mapping Notes

Key here for mapping notes

...

CWE-193 involves an integer computation error (typically off-by-one), which is often a precursor to (slight) buffer overflow. However the two errors occur in different operations and are thus unrelated.

Bibliography

[Dowd 2006]Chapter 7, "Program Building Blocks" ("Loop Constructs," pp. 327–336)
[Drepper 2006]Section 2.1.1, "Respecting Memory Bounds"
[ISO/IEC 9899:2011]K.3.5.4.1, "The gets_s Function"
[Lai 2006]
 

[NIST 2006]SAMATE Reference Dataset Test Case ID 000-000-088
[Seacord 2013b]Chapter 2, "Strings"
[xorl 2009]FreeBSD-SA-09:11: NTPd Remote Stack Based Buffer Overflows

...


...