...

This modification incorrectly assumes that the symbolic link cannot be longer than the value of SYMLINK_MAX returned by pathconf(). However, the value returned by pathconf() is out of date by the time readlink() is called, because in between the two calls the location of /usr/bin/perl can change to a file system with a larger SYMLINK_MAX value, so the off-by-one buffer overflow risk is still present. Also, if SYMLINK_MAX is indeterminate (that is, if pathconf() returned -1 without setting errno), the code falls back to an arbitrary large buffer size (10,000) that it hopes will be sufficient, but there is a small chance that readlink() returns exactly this size, in which case the terminating null byte is again written one past the end of the buffer.
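Both problems above, the stale pathconf() value and a readlink() return value equal to the buffer size, are avoided by not consulting SYMLINK_MAX at all and instead growing the buffer until readlink() returns fewer bytes than were offered. The following C program is an added example written for this page, not the CERT rule's own code. The names read_link_alloc(), read_link_real(), fixed_buffer_would_overflow(), fake_readlink(), check_roundtrip() and check_fixed_overflow() are hypothetical, and the link target is a constructed in-memory string so the program runs without touching the file system; read_link_real() wires the same logic to the real readlink().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Same shape as readlink(2), so a constructed stand-in can be injected. */
typedef ssize_t (*readlink_fn)(const char *path, char *buf, size_t bufsiz);

/*
 * Hardened form: read a symbolic link into a freshly allocated,
 * null-terminated string. pathconf()/SYMLINK_MAX are never consulted; the
 * buffer is doubled while readlink() fills it completely, because a return
 * value equal to the buffer size means the target may have been truncated.
 * Returns NULL with errno set on failure; the caller frees the result.
 */
char *read_link_alloc(const char *path, readlink_fn rl) {
    size_t size = 64;   /* small on purpose so the growth path is exercised */
    for (;;) {
        char *buf = malloc(size);
        if (buf == NULL) return NULL;
        ssize_t len = rl(path, buf, size);
        if (len < 0) { int e = errno; free(buf); errno = e; return NULL; }
        if ((size_t)len < size) {
            buf[len] = '\0';   /* in bounds: len is strictly less than size */
            return buf;
        }
        free(buf);             /* possibly truncated: retry with a larger buffer */
        if (size > SIZE_MAX / 2) { errno = ENAMETOOLONG; return NULL; }
        size *= 2;
    }
}

/* Convenience wrapper over the real system call. */
char *read_link_real(const char *path) { return read_link_alloc(path, readlink); }

/*
 * Noncompliant pattern from the page, kept for contrast: a fixed buffer and
 * buf[len] = '\0'. Rather than performing the write, this reports whether it
 * would land one past the end (returns 1), so the failure mode is observable
 * without corrupting memory. Returns -1 if readlink() fails.
 */
int fixed_buffer_would_overflow(const char *path, readlink_fn rl) {
    char buf[64];
    ssize_t len = rl(path, buf, sizeof buf);
    if (len < 0) return -1;
    return (size_t)len == sizeof buf;   /* buf[64] is out of bounds */
}

/* Constructed stand-in for readlink(2): copies up to bufsiz bytes of an
 * in-memory target and, exactly like the real call, writes no terminator. */
static const char *fake_target = "";
void set_fake_target(const char *target) { fake_target = target; }
ssize_t fake_readlink(const char *path, char *buf, size_t bufsiz) {
    (void)path;
    size_t n = strlen(fake_target);
    if (n > bufsiz) n = bufsiz;
    memcpy(buf, fake_target, n);
    return (ssize_t)n;
}

/* Builds a constructed target of n 'a' bytes and installs it as the fake. */
static char *make_target(size_t n) {
    char *t = malloc(n + 1);
    if (t == NULL) return NULL;
    memset(t, 'a', n);
    t[n] = '\0';
    set_fake_target(t);
    return t;
}

/* Round trip through the hardened reader: the target must come back intact. */
int check_roundtrip(size_t n) {
    char *target = make_target(n);
    if (target == NULL) return 0;
    char *got = read_link_alloc("/constructed/link", fake_readlink);
    int ok = got != NULL && strcmp(got, target) == 0;
    free(got);
    set_fake_target("");
    free(target);
    return ok;
}

/* Same constructed target fed to the noncompliant fixed-buffer pattern. */
int check_fixed_overflow(size_t n) {
    char *target = make_target(n);
    if (target == NULL) return -1;
    int r = fixed_buffer_would_overflow("/constructed/link", fake_readlink);
    set_fake_target("");
    free(target);
    return r;
}

int main(void) {
    /* 64 bytes: exactly the fixed buffer size, the edge case the text describes. */
    printf("fixed 64-byte buffer would overflow on 64-byte target: %d\n",
           check_fixed_overflow(64));
    printf("grown buffer returns 64-byte target intact: %d\n", check_roundtrip(64));
    return 0;
}
```

The loop condition `(size_t)len < size` is the whole fix: only when readlink() left at least one byte unused is the terminator write known to be in bounds, and no value obtained earlier from pathconf() can influence that decision.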

...

Rule      Severity   Likelihood   Remediation Cost   Priority   Level
POS30-C   high       probable     medium             P12        L1

Automated Detection

Tool           Version   Checker   Description   Section
Compass/ROSE

...


Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

MITRE CWE: CWE-170, "Improper Null Termination"

Bibliography

[Ilja 2006]
[MITRE 2007] CWE ID 170, "Improper Null Termination", http://cwe.mitre.org/data/definitions/170.html
[Open Group 1997a]
[Open Group 2004]

...