Versions Compared

Comment: changed linux 07 to 08

...

In this noncompliant code example, strtok() is used to parse the string returned by getenv("PATH") into colon-delimited tokens, printing each token on its own line. Assume that PATH is "/usr/bin:/usr/sbin:/sbin".

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char *token;
char *path = getenv("PATH");
if (path == NULL) {
  /* handle error: PATH is not set */
}

/* strtok() overwrites each ':' it finds with '\0', directly in the
 * buffer returned by getenv(), which the program is not permitted to
 * modify (C99 Section 7.20.4.5) */
for (token = strtok(path, ":"); token != NULL; token = strtok(NULL, ":")) {
  puts(token);
}

printf("PATH: %s\n", path);
/* PATH is now just "/usr/bin" */

...

In this compliant solution, the string returned by getenv() is copied into a temporary buffer and strtok() is called on the copy. Only the copy is modified; the original string is never passed to strtok() and is left intact:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char *token;
const char *path = getenv("PATH");
/* PATH is something like "/usr/bin:/bin:/usr/sbin:/sbin" */
if (path == NULL) {
  /* handle error: PATH is not set */
}

char *copy = (char *)malloc(strlen(path) + 1);
if (copy == NULL) {
  /* handle error: allocation failed */
}
strcpy(copy, path);

/* strtok() only ever sees, and only ever writes to, the copy */
for (token = strtok(copy, ":"); token != NULL; token = strtok(NULL, ":")) {
  puts(token);
}

free(copy);
copy = NULL;

printf("PATH: %s\n", path);
/* PATH is still "/usr/bin:/bin:/usr/sbin:/sbin" */
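As an added example (not code from the CERT page), the following program makes the truncation measurable and contrasts two ways of parsing the same PATH string without damaging it: strtok() on a heap copy, as in the compliant solution, and a read-only walk with strcspn(). The helper names length_after_strtok(), count_entries_strtok() and count_fields_readonly() are mine, and the PATH strings are constructed samples rather than values read from the real environment.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy s into a private buffer, run a complete strtok() pass over the copy
 * and return the length the string appears to have afterwards. This is the
 * damage the noncompliant example does to getenv()'s buffer: strtok() writes
 * '\0' over every delimiter it hits, so the string now ends at the first one.
 * Returns (size_t)-1 if the copy cannot be allocated. */
size_t length_after_strtok(const char *s, const char *delims) {
    char *buf = malloc(strlen(s) + 1);
    if (buf == NULL) {
        return (size_t)-1;
    }
    strcpy(buf, s);
    for (char *tok = strtok(buf, delims); tok != NULL; tok = strtok(NULL, delims)) {
        /* a real program would use tok here */
    }
    size_t len = strlen(buf);
    free(buf);
    return len;
}

/* Count colon-separated entries the way the compliant solution does: strtok()
 * runs on a heap copy, so the caller's string is never written to. strtok()
 * treats a run of delimiters as one, so "a::b" counts 2 entries, not 3.
 * Returns -1 if the copy cannot be allocated. */
int count_entries_strtok(const char *path) {
    char *copy = malloc(strlen(path) + 1);
    if (copy == NULL) {
        return -1;
    }
    strcpy(copy, path);
    int n = 0;
    for (char *tok = strtok(copy, ":"); tok != NULL; tok = strtok(NULL, ":")) {
        n++;
    }
    free(copy);
    return n;
}

/* Non-destructive alternative: walk the string with strcspn(), which only
 * reads it. No copy is needed, the position of each delimiter is known, and
 * empty fields are preserved ("a::b" is 3 fields; "" is one empty field). */
int count_fields_readonly(const char *s, char sep) {
    const char seps[2] = { sep, '\0' };
    int n = 0;
    for (;;) {
        size_t len = strcspn(s, seps);
        n++;
        if (s[len] == '\0') {
            return n;
        }
        s += len + 1;
    }
}

int main(void) {
    /* constructed sample, not read from the real environment */
    const char *path = "/usr/bin:/usr/sbin:/sbin";
    printf("visible length after strtok(): %zu\n", length_after_strtok(path, ":"));
    printf("entries via strtok() on a copy: %d\n", count_entries_strtok(path));
    printf("fields via read-only walk:      %d\n", count_fields_readonly(path, ':'));
    printf("original is intact:             %s\n", path);
    return 0;
}
```

The two counting functions disagree on "/usr/bin::/sbin" (2 versus 3) because strtok() silently merges adjacent delimiters. That matters for PATH specifically: POSIX treats a zero-length PATH entry as the current working directory, so a parser built on strtok() never sees the entry that lets an attacker plant a same-named binary in the working directory. The strcspn() walk keeps the empty field, which is the one you want to reject.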

...

To quote the Linux Programmer's Manual (man) page on strtok(3) [Linux 08]:

...

    "Never use this function. This function modifies its first argument. The identity of the delimiting character is lost. This function cannot be used on constant strings."

...

The improper use of strtok() is likely to result in truncated data, producing unexpected results later in program execution.

Recommendation   Severity   Likelihood   Remediation Cost   Priority   Level
STR06-C          medium     likely       medium             P12        L1

...

[ISO/IEC 9899:1999] Section 7.21.5.8, "The strtok function"
[Linux 08] strtok(3), http://www.kernel.org/doc/man-pages/online/pages/man3/strtok.3.html
[MITRE 07] CWE ID 464, "Addition of Data Structure Sentinel", http://cwe.mitre.org/data/definitions/464.html

...