If a header file with the same name as one of the standard headers is placed in a directory on the standard header search path, the behavior is undefined.
Non-Compliant Example
Giving a header file in the standard library search path any of the following names could cause problems:
<assert.h>
<complex.h>
<ctype.h>
<errno.h>
<fenv.h>
<float.h>
<inttypes.h>
<iso646.h>
<limits.h>
<locale.h>
<math.h>
<setjmp.h>
<signal.h>
<stdarg.h>
<stdbool.h>
<stddef.h>
<stdint.h>
<stdio.h>
<stdlib.h>
<string.h>
<tgmath.h>
<time.h>
<wchar.h>
<wctype.h>
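One way to check a build for this condition, as an added example that is not part of the original rule text: the Python function below scans a project's include directories for files named like any header in the list above. The function name, the `system_dirs` parameter, and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Standard header names from the list above (ISO/IEC 9899 7.1.2).
STANDARD_HEADERS = frozenset(
    "assert complex ctype errno fenv float inttypes iso646 limits locale "
    "math setjmp signal stdarg stdbool stddef stdint stdio stdlib string "
    "tgmath time wchar wctype".split()
)


def find_shadowing_headers(include_dirs, system_dirs=()):
    """Return sorted paths of files in include_dirs named like a standard header.

    Only the top level of each directory is checked, because that is where
    `#include <stdio.h>` resolves. Names are compared case-insensitively so
    that STDIO.H is also flagged (it would match on a case-insensitive
    filesystem). Directories listed in system_dirs are skipped: they are
    where the toolchain's own headers legitimately live.
    """
    skip = {os.path.realpath(d) for d in system_dirs}
    hits = []
    for d in include_dirs:
        real = os.path.realpath(d)
        if real in skip or not os.path.isdir(real):
            continue
        for entry in os.listdir(real):
            stem, ext = os.path.splitext(entry.lower())
            if ext == ".h" and stem in STANDARD_HEADERS:
                hits.append(os.path.join(real, entry))
    return sorted(hits)


def demo():
    """Build a constructed project tree and scan it (sample data, not real)."""
    with tempfile.TemporaryDirectory() as root:
        inc = os.path.join(root, "include")
        os.makedirs(os.path.join(inc, "net"))
        for name in ("stdio.h", "String.h", "util.h", "net/time.h"):
            open(os.path.join(inc, *name.split("/")), "w").close()
        found = find_shadowing_headers([inc, os.path.join(root, "missing")])
        base = os.path.realpath(root)
        return [os.path.relpath(p, base).replace(os.sep, "/") for p in found]


if __name__ == "__main__":
    print(demo())
```

Run against the directories passed to the compiler with `-I`, a non-empty result can be treated as a build failure.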
Risk Assessment
It is possible that an attacker could place a duplicate header file in the library path in order to cause exploitable behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
| 2 (medium) | 1 (unlikely) | 3 (low) | P2 | L2 |
References
[ISO/IEC 9899] 7.1.2 Standard Headers