 
                            ...
In this noncompliant code example, the obsolete functions strcat() and strcpy() are used:

```c
#include <stdio.h>
#include <string.h>

enum { BUFSIZE = 256 };  /* not defined on the page; 256 assumed so the example compiles */

void complain(const char *msg) {
  static const char prefix[] = "Error: ";
  static const char suffix[] = "\n";
  char buf[BUFSIZE];
  /* None of these calls knows the size of buf: a msg longer than BUFSIZE minus
   * the prefix, the suffix and the terminating null is written past the end of buf. */
  strcpy(buf, prefix);
  strcat(buf, msg);
  strcat(buf, suffix);
  fputs(buf, stderr);
}
```
...
In this compliant solution, strcat() and strcpy() are replaced by strcat_s() and strcpy_s():

```c
#define __STDC_WANT_LIB_EXT1__ 1  /* request the Annex K (TR 24731-1) bounds-checking interfaces */
#include <stdio.h>
#include <string.h>

enum { BUFFERSIZE = 256 };

void complain(const char *msg) {
  static const char prefix[] = "Error: ";
  static const char suffix[] = "\n";
  char buf[BUFFERSIZE];
  /* Each call is given the size of buf; a msg that does not fit invokes the
   * runtime-constraint handler instead of overflowing buf. */
  strcpy_s(buf, BUFFERSIZE, prefix);
  strcat_s(buf, BUFFERSIZE, msg);
  strcat_s(buf, BUFFERSIZE, suffix);
  fputs(buf, stderr);
}
```
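As an added example (not code from the CERT page), a portable variant of the same function for libraries that do not ship Annex K's strcpy_s()/strcat_s() (glibc, for one): snprintf() bounded by the destination size, a return value that reports truncation, and a helper that computes how many bytes the unbounded strcpy()/strcat() sequence would have written so an oversized message can be recognised; the helper names and the sample inputs are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

enum { BUFFERSIZE = 256 };

static const char prefix[] = "Error: ";
static const char suffix[] = "\n";

/* Bytes the unbounded strcpy()/strcat() sequence would store in buf,
 * terminating null included; anything above BUFFERSIZE overflows it. */
size_t complain_bytes_needed(const char *msg) {
  return (sizeof prefix - 1) + strlen(msg) + (sizeof suffix - 1) + 1;
}

/* Bounded replacement: snprintf() never writes more than outsize bytes and
 * always null-terminates (for outsize > 0). Returns 1 if the whole message
 * fit, 0 if it was truncated or a formatting error occurred. */
int format_complaint(char *out, size_t outsize, const char *msg) {
  int n;
  if (outsize == 0) return 0;
  n = snprintf(out, outsize, "%s%s%s", prefix, msg, suffix);
  if (n < 0) {          /* encoding error: leave a safe empty string */
    out[0] = '\0';
    return 0;
  }
  return (size_t)n < outsize;
}

void complain(const char *msg) {
  char buf[BUFFERSIZE];
  /* Unlike strcat(), a too-long msg cannot run past buf here; only the tail
   * (possibly including the newline) is lost, and that is reported. */
  if (!format_complaint(buf, sizeof buf, msg)) {
    fputs(buf, stderr);
    fputs("\n[message truncated]\n", stderr);
    return;
  }
  fputs(buf, stderr);
}

int main(void) {
  char big[BUFFERSIZE + 16];            /* constructed oversized input */
  memset(big, 'A', sizeof big - 1);
  big[sizeof big - 1] = '\0';
  complain("disk full");                /* fits: 18 bytes needed */
  complain(big);                        /* 280 bytes needed > BUFFERSIZE */
  return 0;
}
```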
...
| Standard | Related guidelines |
|---|---|
| CERT C Secure Coding Standard | FIO01-C. Be careful using functions that use file names for identification; FIO07-C. Prefer fseek() to rewind(); FIO12-C. Prefer setvbuf() to setbuf(); INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs; INT06-C. Use strtol() or a related function to convert a string token to an integer; STR06-C. Do not assume that strtok() leaves the parse string unchanged; STR07-C. Use TR 24731 for remediation of existing string manipulation code |
| ISO/IEC TR 24772 | Use of Libraries [TRJ] |
| ISO/IEC TR 24731-1:2007 | |
| MISRA C:2012 | Rule 20.4, Rule 21.3 (required) |
| MITRE CWE | CWE-20, Insufficient input validation; CWE-73, External control of file name or path; CWE-192, Integer coercion error; CWE-197, Numeric truncation error; CWE-367, Time-of-check, time-of-use race condition; CWE-464, Addition of data structure sentinel; CWE-676, Use of potentially dangerous function |
...