...
Many of these functions are obsolete because they lack robust error-handling capabilities. See ERR07-C. Prefer functions that support error checking over equivalent functions that don't and INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs.
The fopen() and freopen() functions are obsolete because the fopen_s() and freopen_s() functions in C11 Annex K can emulate their usage and improve security by protecting the file from unauthorized access by setting its file protection [ISO/IEC 9899:2011].
The asctime() and ctime() functions are obsolete because they use non-reentrant static buffers and can be emulated using asctime_s() and ctime_s().
...
To remediate invocations of unchecked obsolete functions, an application might use inline coding that, in all respects, conforms to this guideline, or an alternative library that, in all respects, conforms to this guideline, or alternative nonobsolete functions from C11 Annex K [ISO/IEC 9899:2011]K:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
or alternative nonobsolete functions from from ISO/IEC TR 24731, Extensions to the C Library—Part II: Dynamic Allocation Functions [ISO/IEC TR 24731-2:2010 (Part II):]:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
...
MSC34-EX1: If an out-of-bounds store cannot occur in a specific invocation of a function, the invocation of that function is permitted by this rule. The rationale for this exception is that the simple use of such a function in a program does not mean the program is incorrect. To eliminate the use of such a function, the programmer must replace calls to the deprecated or obsolete function with calls to the alternative functions. Unfortunately, the process of modifying existing code frequently introduces defects and vulnerabilities and is not recommended. New code should be developed in conformance to this guideline, however.
...
The deprecated and obsolete functions enumerated in this guideline are commonly associated with software vulnerabilities.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC34-C | High | Probable | Medium | P12 | L1 |
...
Related Vulnerabilities
Search for for vulnerabilities resulting from the violation of this rule on the CERT website.
...
| CERT C Secure Coding Standard | ERR07-C. Prefer functions that support error checking over equivalent functions that don't | ||
| ISO/IEC TR 24772 | Use of Libraries [TRJ] | ISO/IEC 9899:2011 | Annex K|
| MISRA C:2012 | Rule 21.3 (required) | ||
| MITRE CWE | CWE-20, Insufficient input validation CWE-73, External control of file name or path CWE-192, Integer coercion error CWE-197, Numeric truncation error CWE-367, Time-of-check, time-of-use race condition CWE-464, Addition of data structure sentinel CWE-676, Use of potentially dangerous function |
...
| [Apple 2006] | Apple Secure Coding Guide, "Avoiding Race Conditions and Insecure File Operations" |
| [Burch 2006] | Specifications for Managed Strings, Second Edition |
| [Drepper 2006] | Section 2.2.1 "Identification When Opening" |
| ISO/IEC 9945:2003 | |
| ISO/IEC 23360-1:2006 | |
| [ISO/IEC WG14 N1173] | Rationale for TR 24731 Extensions to the C Library Part I: Bounds-checking interfaces |
| [Klein 2002] | "Bullet Proof Integer Input Using strtol()" |
| [Linux 2008] | strtok(3) |
| [Open Group 2004] | "The open Function" |
| [Seacord 2013] | Chapter 2, "Strings" Chapter 8, "File I/O" |
| [Seacord 2005b] | "Managed String Library for C, C/C++" |
...