Comparing a function pointer to a value that is not a null function pointer of the same type will be diagnosed because it typically indicates programmer error and can result in unexpected behavior. Implicit comparisons will be diagnosed as well.

...

In this noncompliant code example, the addresses of the POSIX® functions getuid and geteuid are compared for equality to 0. Since the address of no function is null, the first subexpression will always evaluate to false (zero), and the second subexpression always to true (nonzero). Consequently, the entire expression will always evaluate to true, leading to a potential security vulnerability.

...

This noncompliant code example is from an actual vulnerability (VU#837857) discovered in some versions of the X Window System server. The vulnerability exists because the programmer neglected to provide the open and close parentheses following the geteuid() function identifier. As a result, the geteuid token returns the address of the function, which is never equal to zero. Consequently, the or condition of this if statement is always true, and access is provided to the protected block for all users. Many compilers issue a warning noting such pointless expressions. Therefore, this coding error is normally detected by adherence to MSC00-C. Compile cleanly at high warning levels.

```c
/* First the options that are only allowed for root */
if (getuid() == 0 || geteuid != 0) {
  /* ... */
}
```
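The following added example (not code from this page or from the X server) puts the noncompliant check beside the form with the missing parentheses restored and evaluates both for three ID combinations. The `fake_getuid`/`fake_geteuid` functions and the `sim_uid`/`sim_euid` variables are constructed stand-ins, assumed here so the outcome does not depend on the account running the program.

```c
#include <stdio.h>

/* Constructed stand-ins for getuid()/geteuid(); sim_uid and sim_euid are
 * hypothetical variables that let the example choose the IDs. */
static unsigned int sim_uid, sim_euid;
static unsigned int fake_getuid(void)  { return sim_uid; }
static unsigned int fake_geteuid(void) { return sim_euid; }

/* GCC -Wall (-Waddress) reports the comparison below; it is silenced
 * only so the noncompliant form still builds where warnings are errors. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Waddress"
/* Noncompliant: fake_geteuid without () is the function's address,
 * which is never null, so the right operand is always true. */
static int root_only_noncompliant(void) {
  return fake_getuid() == 0 || fake_geteuid != 0;
}
#pragma GCC diagnostic pop

/* Parentheses restored: the returned effective ID is compared. */
static int root_only_compliant(void) {
  return fake_getuid() == 0 || fake_geteuid() != 0;
}

int main(void) {
  /* Constructed cases: {real uid, effective uid}. */
  static const unsigned int cases[][2] = {
    {0, 0},        /* root */
    {1000, 1000},  /* ordinary user, no elevated privileges */
    {1000, 0},     /* ordinary user running with effective uid 0 */
  };
  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
    sim_uid = cases[i][0];
    sim_euid = cases[i][1];
    printf("uid=%u euid=%u noncompliant=%d compliant=%d\n",
           sim_uid, sim_euid,
           root_only_noncompliant(), root_only_compliant());
  }
  return 0;
}
```

Only the third case separates the two forms: with a nonzero real ID and an effective ID of 0, the noncompliant check still enters the protected block.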

...

| Tool | Version | Checker | Description |
|---|---|---|---|
| Coverity | | BAD_COMPARE | Can detect the specific instance where the address of a function is compared against 0, such as in the case of geteuid versus getuid() in the implementation-specific details. |
| LDRA tool suite | | | |
| GCC | | | Can detect violations of this recommendation when the -Wall flag is used. |
| Klocwork | | EFFECT | |

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...

EXP16-CPP. Avoid conversions using void pointers
ISO/IEC TR 17961 (Draft) Comparing function addresses to zero [funcaddr]
ISO/IEC TR 24772

...

Likely incorrect expressions

...

...

...

...

Use of incorrect operator

...

, and CWE-482, Comparing instead of assigning
