If a file with the same name as a standard file name is placed in the search path for included source files, the behavior is undefined.

Non-Compliant Example

The standard headers are:

<assert.h>

<complex.h>

<ctype.h>

<errno.h>

<fenv.h>

<float.h>

<inttypes.h>

<iso646.h>

<limits.h>

<locale.h>

<math.h>

<setjmp.h>

<signal.h>

<stdarg.h>

<stdbool.h>

<stddef.h>

<stdint.h>

<stdio.h>

<stdlib.h>

<string.h>

<tgmath.h>

<time.h>

<wchar.h>

<wctype.h>
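One way to check a source tree for this condition, shown as an added example that is not part of the original rule text: the script flags any project file whose name matches one of the standard headers listed above. The function name, the `toolchain_dirs` parameter and the case-insensitive comparison are assumptions of this example.

```python
import os

# The standard headers listed above (ISO/IEC 9899:1999, Section 7.1.2).
STANDARD_HEADERS = frozenset("""
assert.h complex.h ctype.h errno.h fenv.h float.h inttypes.h iso646.h
limits.h locale.h math.h setjmp.h signal.h stdarg.h stdbool.h stddef.h
stdint.h stdio.h stdlib.h string.h tgmath.h time.h wchar.h wctype.h
""".split())


def find_shadowing_headers(project_roots, toolchain_dirs=()):
    """Return sorted paths of project files named like a standard header.

    project_roots  -- directories holding project sources and headers
    toolchain_dirs -- compiler/libc include directories to skip, because
                      the genuine standard headers live there
    """
    skip = {os.path.realpath(d) for d in toolchain_dirs}
    hits = []
    for root in project_roots:
        for dirpath, dirnames, filenames in os.walk(root):
            if os.path.realpath(dirpath) in skip:
                dirnames[:] = []  # do not descend into toolchain directories
                continue
            for name in filenames:
                # Walk recursively: quote-form includes commonly search the
                # including file's own directory first, so a clash anywhere
                # in the tree can matter. Compare case-insensitively because
                # on case-insensitive file systems "String.h" also matches.
                if name.lower() in STANDARD_HEADERS:
                    hits.append(os.path.join(dirpath, name))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    found = find_shadowing_headers(sys.argv[1:])
    for path in found:
        print("shadows a standard header:", path)
    sys.exit(1 if found else 0)
```

Run as a build or CI step with the project's source and include directories as arguments; a non-zero exit status means at least one clashing file name was found.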

Risk Assessment

An attacker could place a duplicate header file in the library path in order to cause exploitable behavior.

| Rule    | Severity | Likelihood   | Remediation Cost | Priority | Level |
|---------|----------|--------------|------------------|----------|-------|
| PRE04-A | 1 (low)  | 1 (unlikely) | 3 (low)          | P3       | L3    |

References

[ISO/IEC 9899-1999:TC2] Section 7.1.2, "Standard Headers"