SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 36

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 37

changes.mady.by.user Robert Seacord (Manager)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
There are a number of existing libraries available for managing string data; the library selected depends on the overall approach adopted for managing null-terminated byte strings.  The functions defined by C99 Section 7.21, "String handling <string.h>" \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] are primarily intended for managing statically allocated strings.  However, these functions are problematic because many of the functions fail to account for the size of the destination array.  Consequently, this standard recommends use of the ISO/IEC TR 24731-1 \[[ISO/IEC TR 24731-1-2007|AA. C References#ISO/IEC TR 24731-1-2007]\] functions when using statically allocated arrays (see [STR07-A. Use TR 24731 for remediation of existing string manipulation code]).

Wiki Markup
ISO/IEC TR 24731 Part II (24731-2, in progress) offer another approach, supplying functions that allocate enough memory for their results \[[ISO/IEC WDTR 24731-2|AA. C References#ISO/IEC WDTR 24731-2]\]. ISO/IEC TR 24731 Part II provides an API that dynamically allocates the results of string functions as needed. This TR includes a number of POSIX functions

Wiki Markup
The managed string library described in \[[Burch 06|AA. C References#Burch06]\] was developed in response to the need for a string library that could improve the quality and security of newly developed C language programs while eliminating obstacles to widespread adoption and possible standardization.

...

Wiki Markup
Note that the calls to {{fprintf()}} and {{printf()}} are C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] standard functions and not managed string functions.

The forthcoming technical report ISO/IEC TR 24731 Part II will also provide an API that dynamically allocates the results of string functions as needed.

Risk Assessment

Wiki Markup
String handling functions defined in C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.21 and elsewhere are susceptible to common programming errors that can lead to serious, exploitable [vulnerabilities|BB. Definitions#vulnerability]. Managed strings, when used properly, can eliminate many of these errors, particularly in new development.

...

Wiki Markup
\[[Burch 06|AA. C References#Burch06]\]
\[[CERT 06c|AA. C References#CERT 06c]\]
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.21, "String handling <string.h>"
\[[MISRA 04|AA. C References#MISRA 04]\] Rule 20.4 
\[[Seacord 05a|AA. C References#Seacord 05a]\] Chapter 2, "Strings"
\[[ISO/IEC WDTR 24731-2|AA. C References#ISO/IEC WDTR 24731-2]\] [Extensions to the C Library, — Part II: Dynamic Allocation Functions|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1248.pdf]. August, 2007.

ISO/IEC 9945:2003 (including Technical Corrigendum 1), Information technology — Programming languages, their environments and system software interfaces — Portable Operating System Interface (POSIX®).

...

STR00-A. Represent characters using an appropriate type      07. Characters and Strings (STR)       STR02-A. Sanitize data passed to complex subsystems