SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 95

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 96

changes.mady.by.user Anirban Gangopadhyay

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Replacing secure functions with less secure functions is a very risky practice because developers can be easily fooled into trusting the function to perform a security check that is absent. This may be a concern, for example, as developers attempt to adopt more secure functions, such as the C11 Annex K functions, that might not be available on all platforms. (See STR07-C. Use the bounds-checking interfaces for string manipulation.)

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

PRE09-C

High

Likely

Medium

P18

L1

Automated Detection

ToolVersionCheckerDescription
Astrée
Include Page
Astrée_V
Astrée_V
 

Supported, but no explicit checker
Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

Use of dangerous standard function

Use of obsolete standard function

Dangerous functions cause possible buffer overflow in destination buffer

Obsolete routines can cause security vulnerabilities and portability issues

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v
5003Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardVOID PRE09-CPP. Do not replace secure functions with less secure functions
ISO/IEC TR 24772:2013Executing or Loading Untrusted Code [XYS]
MITRE CWECWE-684, Failure to provide specified functionality

 Bibliography

[IEEE Std 1003.1:2013]XSH, System Interfaces, vsnprintf, vsprintf
[Seacord 2013]Chapter 6, "Formatted Output"
[VU#654390]
 

...



...