...
An additional issue is that readlink() can return -1 if it fails, causing an off-by-one underflow.
Compliant Solution
This example ensures there will be no overflow by only reading in sizeof(buf)-1
characters. It also properly checks to see if an error has occurred.
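```c
#include <unistd.h>

char buf[256];
ssize_t len;

/* Read at most sizeof(buf)-1 bytes so there is room for the terminator. */
if ((len = readlink("/usr/bin/perl", buf, sizeof(buf)-1)) != -1)
  buf[len] = '\0';  /* len is in [0, sizeof(buf)-1] here */
else {
  /* handle error condition */
}
```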
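The same two checks packaged as a reusable wrapper, as an added example that is not part of the original rule text. It goes one step beyond the solution above by also reporting possible truncation, since readlink() silently truncates a target that does not fit. The names safe_readlink and demo and the /tmp fixture path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/* safe_readlink() is a hypothetical wrapper, not a POSIX or CERT function.
 * Returns the target length with a terminated string in buf, or -1 with errno
 * set. A result filling all bufsize-1 bytes is reported as ENAMETOOLONG. */
ssize_t safe_readlink(const char *path, char *buf, size_t bufsize)
{
    if (buf == NULL || bufsize < 2) { errno = EINVAL; return -1; }
    ssize_t len = readlink(path, buf, bufsize - 1);
    if (len == -1) {
        buf[0] = '\0';            /* never index buf with -1 */
        return -1;
    }
    buf[len] = '\0';              /* len <= bufsize-1, so in bounds */
    if ((size_t)len == bufsize - 1) {
        errno = ENAMETOOLONG;     /* target may have been truncated */
        return -1;
    }
    return len;
}

/* Constructed fixture: symlink to `target` in a fresh temp dir, read it back. */
ssize_t demo(const char *target, char *buf, size_t bufsize)
{
    char dir[] = "/tmp/pos30cXXXXXX";
    char link[32];
    ssize_t r = -1;
    int saved;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(link, sizeof link, "%s/l", dir);
    if (symlink(target, link) == 0)
        r = safe_readlink(link, buf, bufsize);
    saved = errno;                /* keep safe_readlink()'s errno across cleanup */
    unlink(link);
    rmdir(dir);
    errno = saved;
    return r;
}

int main(void)
{
    char buf[256] = "";
    ssize_t n = demo("/usr/bin/perl", buf, sizeof buf);
    printf("%zd %s\n", n, buf);
    return n == 13 ? 0 : 1;
}
```

A caller that needs the full target on ENAMETOOLONG can retry with a larger buffer.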
Risk Analysis
This is a fairly easy mistake to make. Fortunately, the consequences are not that harsh, most likely resulting in abnormal program termination.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
POS30-C | 1 (low) | 2 (probable) | 2 (medium) | P4 | L3 |
...