SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 26

changes.mady.by.user Jeffrey Gennari

Saved on

compared with

New Version 27

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Failure to specify function prototypes results in a function being implicitly defined. Without a function prototype, the compiler will assume the the correct number and type of parameters have been supplied to a function. This can result in undefined, and perhaps unintended behavior. Given this, functions should always be declared with the appropriate function prototype.

Wiki Markup
C99 removedeliminated implicit function declarations from the C language \[[ISO/IEC9899-1999|AA. C References#ISO/IEC 9899-1999]\]. However, many compilers will typically allow compilation of programs thatcontaining contain implicitly defined functions, although they willmay issue a warning message. These warnings should be resolved \[[MSC00-A|MSC00-A. Compile cleanly at high warning levels]\], but theydo will not prevent program compilation.

Failure to specify function prototypes results in a function being implicitly defined. Without a function prototype, the compiler will assume the the correct number and type of parameters have been supplied to a function. This can result in undefined, and perhaps unintended behavior. Given this, functions should always be declared with the appropriate function prototype.

Non-Compliant Code Example 1

In this example, the definition of func() expects three parameters but is supplied only two. However, because there is no prototype for func(), the compiler assumes that the correct number of parameters arguments has been supplied, and uses the next value on the program stack as the missing third parameterargument.

Code Block
bgColor#FFCCCC
function(1, 2);
...
int func(int one, int two, int three){
  printf("%d %d %d", one, two, three);
  return 1;
}

...

Code Block
bgColor#ccccff
int function(int, int, int);
...

function(1,2);
...
int func(int one, int two, int three){
  printf("%d %d %d", one, two, three);
  return 1;
}

Non-Compliant Code Example 1

Wiki Markup
The following example is based on rule \[[MEM02-A|MEM02-A. Do not cast the return value from malloc()]]. The header file {{stdlib.h}} contains the function prototype for {{malloc()}}. Failing to include {{stdlib.h}} causes {{malloc()}} to be implicitly defined.

Code Block
bgColor#FFCCCC
char *p = malloc(10);

...

Code Block
bgColor#ccccff
#include <stdlib.h>
...
char *p = malloc(10);

Risk Assessment

Failure to specify function prototypes can often lead to system crashes and possible denial-of-service attacks. Examples of vulnerabilities

...

resulting from missing function prototypes include:

  • CVE-2002-1236, CAN-2003-0422 - CGI crashes when called without any arguments
  • CVE-2002-1531, CAN-2002-1077 - crash in HTTP request without a Content-Length field
  • CAN-2002-1358 - empty elements/strings in protocol test suite affect many SSH2 servers/clients
  • CAN-2003-0477 - FTP server crashes in PORT command without an argument
  • CVE-2002-0107 - resultant infoleak in web server via GET requests without HTTP/1.0 version string
  • CAN-2002-0596 - GET reqeust with empty parameter leads to error message infoleak (path disclosure)

Risk Assesment

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DRAFT

2 1 (medium)

3 2 (likelypossible)

2 (medium)

P12 P4

L1 L3

References