Most functions defined by ISO/IEC TR 24731-1:2007 (the C11 Annex K bounds-checking interfaces) include, as part of their specification, a list of runtime constraints, violations of which can be consistently handled at runtime [ISO/IEC TR 24731-1:2007]. Library implementations must verify that the runtime constraints for a function are not violated by the program. If a runtime constraint is violated, the runtime constraint handler currently registered with set_constraint_handler_s() is called.

Section 6.6.1 [ISO/IEC TR 24731-1:2007] states

...

These runtime constraint handlers mitigate some of the potential insecurity caused by in-band error indicators. (See recommendation ERR02-C. Avoid in-band error indicators.)

Noncompliant Code Example (TR24731-1)

In this noncompliant code example, the strcpy_s() function is called, but no runtime-constraint handler has been explicitly registered. As a result, the implementation-defined default handler is called on a runtime error.

...

Because that default is implementation-defined, it is prudent to explicitly install a runtime constraint handler to ensure consistent behavior across implementations.

Compliant Code Example (TR24731-1)

This compliant solution explicitly installs a runtime constraint handler by invoking the set_constraint_handler_s() function. This would typically be performed during system initialization, before any function that uses the mechanism is invoked.

#define __STDC_WANT_LIB_EXT1__ 1
#include <string.h>
#include <stdlib.h>

/* The handler must have the signature of constraint_handler_t:
 * a message describing the violation, a pointer to implementation-
 * defined data (may be NULL), and the error code. */
void handle_errors(const char *msg, void *ptr, errno_t error) {
  /* Handle runtime constraint error */
}

/*...*/

/* Performed during system initialization */
set_constraint_handler_s(handle_errors);

/*...*/

/* Returns zero on success */
errno_t function(char *dst1, size_t size) {
  char src1[100] = "hello";

  if (strcpy_s(dst1, size, src1) != 0) {
    return -1;
  }
  /* ... */
  return 0;
}
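To make the contract concrete, the following is an added example (not code from this page or from any Annex K implementation) that models the runtime-constraint mechanism in plain C: a handler type with the shape of constraint_handler_t, a registration function like set_constraint_handler_s(), and a bounded copy with the runtime constraints of strcpy_s(). All rc_-prefixed names, app_handler, demo and the sample strings are constructed for the illustration. The model's default handler aborts, as the technical report permits a real default to do, so the application installs its own recording handler before any copy.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the TR 24731-1 runtime-constraint mechanism (constructed for
 * illustration; the rc_ prefix keeps it apart from a real Annex K library). */
typedef int rc_errno_t;
#define RC_RSIZE_MAX (SIZE_MAX >> 1)

/* Same shape as constraint_handler_t: a diagnostic message, a pointer to
 * implementation-defined data (NULL here), and the error code. */
typedef void (*rc_handler_t)(const char *msg, void *ptr, rc_errno_t error);

/* Implementation-defined default: this model aborts, which the technical
 * report permits, so a program that never installs its own handler dies
 * on the first violation. */
static void rc_abort_handler(const char *msg, void *ptr, rc_errno_t error) {
  (void)ptr;
  fprintf(stderr, "runtime-constraint violation: %s (error %d)\n", msg, error);
  abort();
}

static rc_handler_t rc_current_handler = rc_abort_handler;

/* Counterpart of set_constraint_handler_s(): installs a handler and returns
 * the previous one; NULL reinstates the default. */
rc_handler_t rc_set_constraint_handler(rc_handler_t handler) {
  rc_handler_t previous = rc_current_handler;
  rc_current_handler = (handler != NULL) ? handler : rc_abort_handler;
  return previous;
}

/* Bounded copy with the runtime constraints of strcpy_s(). On a violation the
 * registered handler runs, the destination (when writable) becomes an empty
 * string, and a nonzero code is also returned in-band. */
rc_errno_t rc_strcpy(char *dst, size_t dstmax, const char *src) {
  if (dst == NULL || src == NULL) {
    rc_current_handler("rc_strcpy: null pointer argument", NULL, EINVAL);
    return EINVAL;
  }
  if (dstmax == 0 || dstmax > RC_RSIZE_MAX) {
    rc_current_handler("rc_strcpy: dstmax out of range", NULL, ERANGE);
    return ERANGE;
  }
  size_t len = 0;
  while (len < dstmax && src[len] != '\0') {
    len++;
  }
  if (len == dstmax) {                 /* no room for the terminator */
    dst[0] = '\0';
    rc_current_handler("rc_strcpy: source does not fit", NULL, ERANGE);
    return ERANGE;
  }
  memcpy(dst, src, len + 1);
  return 0;
}

/* Application handler: records the violation instead of aborting, so callers
 * can rely on the in-band return value and on this record consistently. */
static rc_errno_t last_error;

void app_handler(const char *msg, void *ptr, rc_errno_t error) {
  (void)msg;
  (void)ptr;
  last_error = error;
}

rc_errno_t app_last_error(void) { return last_error; }

/* Installs app_handler, then copies "hello" into a buffer that is too small
 * and into one that fits. Returns 0 when both outcomes match the contract. */
int demo(void) {
  char small[4];
  char big[16];
  rc_set_constraint_handler(app_handler);

  last_error = 0;
  if (rc_strcpy(small, sizeof small, "hello") != ERANGE) return 1;
  if (last_error != ERANGE || small[0] != '\0') return 2;

  last_error = 0;
  if (rc_strcpy(big, sizeof big, "hello") != 0) return 3;
  if (last_error != 0 || strcmp(big, "hello") != 0) return 4;
  return 0;
}

int main(void) {
  int rc = demo();
  printf("%s\n", rc == 0 ? "handler invoked exactly where the constraints say"
                         : "unexpected behavior");
  return rc;
}
```

The point to take from demo(): once app_handler is registered, a violation produces both the handler call and the nonzero return, and the destination is left as a valid empty string, whereas with the default still in place the same call would terminate the process. Because many toolchains do not ship the Annex K functions, the model keeps that behavior observable without depending on the library.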

Compliant Code Example (Visual Studio 2008/.NET Framework 3.5)

Although the ISO/IEC TR 24731-1 functions were created by Microsoft, currently available versions of Microsoft Visual Studio do not support the interface the technical report defines for installing runtime constraint handlers. Visual Studio calls these functions "invalid parameter handlers," and they are installed by calling the _set_invalid_parameter_handler() function. The signature of the handler also differs significantly from constraint_handler_t.

#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* The handler must match _invalid_parameter_handler, a pointer to a
 * function returning void that takes these five parameters */
void __cdecl handle_errors(
   const wchar_t* expression,
   const wchar_t* function,
   const wchar_t* file,
   unsigned int line,
   uintptr_t pReserved
) {
  /* Handle invalid parameter */
}

/*...*/

/* Performed during system initialization */
_set_invalid_parameter_handler(handle_errors);

/*...*/

/* Returns zero on success */
errno_t function(char *dst1, size_t size) {
  char src1[100] = "hello";

  if (strcpy_s(dst1, size, src1) != 0) {
    return -1;
  }
  /* ... */
  return 0;
}

Risk Assessment

ISO/IEC TR 24731-1 specifies that if no constraint handler has been set, a default handler executes when a runtime-constraint violation occurs. The default handler is implementation-defined and "may cause the program to exit or abort." Understand the behavior of the default handler on every implementation in use, and replace it if that behavior is inappropriate for the application.

Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
ERR03-C        | low      | unlikely   | medium           | P2       | L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: ERR03-CPP. Use runtime-constraint handlers when calling functions defined by TR24731-1

ISO/IEC TR 24731-1:2007 Section 6.1.4, "Runtime-constraint violations", and Section 6.6.1, "Runtime-constraint handling"

Bibliography

[MSDN] "Parameter Validation", http://msdn.microsoft.com/en-us/library/ksazx244.aspx

...