Do not use deprecated or obsolete obsolescent functions when more secure equivalent functions are available. Deprecated functions are defined by the C Standard. Obsolete functions are typically functions for which there are more secure or portable alternatives available and Obsolescent functions are defined by this rulerecommendation.
Deprecated Functions
The gets() function was deprecated by Technical Corrigendum 3 to C99 and eliminated from C11.
...
Obsolescent Functions
Functions in the first column of the following table are hereby defined to be obsolete obsolescent functions. To remediate invocations of obsolete obsolescent functions, an application might use inline coding that, in all respects, conforms to this guideline, or an alternative library that, in all respects, conforms to this guideline, or alternative nonobsolete non-obsolescent functions.
Obsolescent Obsolete | Recommended | Rationale |
|---|---|---|
|
| Non-reentrant |
|
| No error detection |
|
| No error detection |
|
| No error detection |
|
| No error detection |
|
| Non-reentrant |
|
| No exclusive access to file |
|
| No exclusive access to file |
|
| No error detection |
|
| No error detection |
Many of these The atof, atoi, atol, and atoll functions are obsolete because they lack robust error-obsolescent because the strod, strtof, strtol, strtold, strtoll, strotul, and strtoull functions can emulate their usage and have more robust error handling capabilities. See ERR07-C. Prefer functions that support error checking over equivalent functions that don't and guideline INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs.
The fopen() and freopen() functions are obsolete obsolescent because the fopen_s() and freopen_s() functions in C11 Annex K can emulate their usage and improve security by protecting the file from unauthorized access by setting its file protection .and opening the file with exclusive access [ISO/IEC WG14 N1173].
The setbuf function is obsolescent because setbuf does not return a value and can be emulated using setvbuf. See guideline FIO12-C. Prefer setvbuf() to setbuf().
The rewind function is obsolescent because rewind does not return a value and can be emulated using fseek. See guideline FIO07-C. Prefer fseek() to rewind().
The asctime and ctime functions are obsolescent The asctime() and ctime() functions are obsolete because they use non-reentrant static buffers and can be emulated using asctime_s() and ctime_s().
Unchecked
...
Obsolescent Functions
The following are hereby defined to be unchecked obsolete obsolescent functions:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
To remediate invocations of unchecked obsolete obsolescent functions, an application might use inline coding that, in all respects, conforms to this guideline, or an alternative library that, in all respects, conforms to this guideline, or alternative nonobsolete nonobsolescent functions from C11 Annex K:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
or alternative nonobsolete nonobsolescent functions from ISO/IEC TR 24731-2, Extensions to the C Library—Part II: Dynamic Allocation Functions [ISO/IEC TR 24731-2]:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Noncompliant Code Example
In this noncompliant code example, the obsolete obsolescent functions strcat() and strcpy() are used:
| Code Block | ||
|---|---|---|
| ||
#include <string.h>
#include <stdio.h>
enum { BUFSIZE = 32 };
void complain(const char *msg) {
static const char prefix[] = "Error: ";
static const char suffix[] = "\n";
char buf[BUFSIZE];
strcpy(buf, prefix);
strcat(buf, msg);
strcat(buf, suffix);
fputs(buf, stderr);
}
|
Compliant Solution
In this compliant solution, strcat() and strcpy() are replaced by strcat_s() and strcpy_s():
| Code Block | ||||
|---|---|---|---|---|
| ||||
#define __STDC_WANT_LIB_EXT1__
#include <string.h>
#include <stdio.h>
enum { BUFFERSIZE = 256 };
void complain(const char *msg) {
static const char prefix[] = "Error: ";
static const char suffix[] = "\n";
char buf[BUFFERSIZE];
strcpy_s(buf, BUFFERSIZE, prefix);
strcat_s(buf, BUFFERSIZE, msg);
strcat_s(buf, BUFFERSIZE, suffix);
fputs(buf, stderr);
}
|
Risk Assessment
The deprecated and obsolete obsolescent functions enumerated in this guideline are commonly associated with software vulnerabilities.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC34-C | High | Probable | Medium | P12 | L1 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CC2.MSC34 | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| CERT C Secure Coding Standard | ERR07-C. Prefer functions that support error checking over equivalent functions that don't |
| ISO/IEC TR 24772 | Use of Libraries [TRJ] |
| MISRA C:2012 | Rule 21.3 (required) |
| MITRE CWE | CWE-20, Insufficient input validation CWE-73, External control of file name or path CWE-192, Integer coercion error CWE-197, Numeric truncation error CWE-367, Time-of-check, time-of-use race condition CWE-464, Addition of data structure sentinel CWE-676, Use of potentially dangerous function |
Bibliography
| [Apple 2006] | Apple Secure Coding Guide, "Avoiding Race Conditions and Insecure File Operations" |
| [Burch 2006] | Specifications for Managed Strings, Second Edition |
| [Drepper 2006] | Section 2.2.1 "Identification When Opening" |
| ISO/IEC 9945:2003 | |
| ISO/IEC 23360-1:2006 | |
| [ISO/IEC WG14 N1173] | Rationale for TR 24731 Extensions to the C Library Part I: Bounds-checking interfaces |
| [Klein 2002] | "Bullet Proof Integer Input Using strtol()" |
| [Linux 2008] | strtok(3) |
| [Open Group 2004] | "The open Function" |
| [Seacord 2013] | Chapter 2, "Strings" Chapter 8, "File I/O" |
| [Seacord 2005b] | "Managed String Library for C, C/C++" |
...