...
| Wiki Markup |
|---|
In the second noncompliant code example, {{memset()}} is used to clear the destination buffer; unfortunately, the third argument incorrectly specifies the size of the destination array \[[Schwarz 052005|AA. Bibliography#Schwarz 05]\]. |
...
If the intent is to copy without truncation, this example copies the data and guarantee guarantees that the resulting null-terminated byte string is null terminated. If the string cannot be copied, it is handled as an error condition.
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
STR32-C | high | probable | medium | P12 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||
|---|---|---|---|---|---|---|---|
|
|
|
|
...
|
|
|
|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
Related Guidelines
This rule appears in the C++ Secure Coding Standard as : STR32-CPP. Null-terminate character arrays as required.
Bibliography
| Wiki Markup |
|---|
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 7.1.1, "Definitions of terms," Section 7.20.3.4 "The realloc function," and Section 7.21, "String handling <string.h>" \[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "CJM String Termination" \[[ISO/IEC TR 24731-1:2007|AA. Bibliography#ISO/IEC TR 24731-1-2007]\] Section 6.7.1.4, "The strncpy_s function" \[[MITRE 072007|AA. Bibliography#MITRE 07]\] [CWE ID 119|http://cwe.mitre.org/data/definitions/119.html], "Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer," [CWE ID 170|http://cwe.mitre.org/data/definitions/170.html], "Improper Null Termination" \[[Schwarz 052005|AA. Bibliography#Schwarz 05]\] \[[Seacord 05a2005a|AA. Bibliography#Seacord 05]\] Chapter 2, "Strings" \[[Viega 052005|AA. Bibliography#Viega 05]\] Section 5.2.14, "Miscalculated NULL termination" |
...