Most functions defined by ISO/IEC TR 24731-1-2007 include, as part of their specification, a list of runtime constraints, violations of which can be consistently handled at runtime [ISO/IEC TR 24731-1:2007]. Library implementations must verify that the runtime constraints for a function are not violated by the program. If a runtime constraint is violated, the runtime constraint handler currently registered with set_constraint_handler_s() is called.

Section 6.6.1 of [ISO/IEC TR 24731-1:2007] states:

When the handler is called, it is passed the following arguments in the following order:

  1. A pointer to a character string describing the runtime constraint violation.
  2. A null pointer or a pointer to an implementation-defined object.
  3. If the function calling the handler has a return type declared as errno_t, the return value of the function is passed. Otherwise, a positive value of type errno_t is passed.

The implementation has a default constraint handler that is used if no calls to the set_constraint_handler_s() function have been made or the handler argument to set_constraint_handler_s() is a null pointer. The behavior of the default handler is implementation-defined, and it may cause the program to exit or abort.

And Section 6.1.4 of [ISO/IEC TR 24731-1:2007] states:

The runtime constraint handler might not return. If the handler does return, the library function whose runtime constraint was violated shall return some indication of failure as given by the returns section in the function's specification.

These runtime constraint handlers mitigate some of the potential insecurity caused by in-band error indicators. (See recommendation ERR02-C. Avoid in-band error indicators.)
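The following added example (not from the original page or from any TR 24731-1 library) models the handler mechanism described above so it can be compiled where no Annex K implementation exists: the three-argument handler signature from Section 6.6.1, a default handler that aborts, a set_constraint_handler_s()-style registration function, and a strcpy_s-style function that calls the handler and then returns a failure indication if the handler returns. The model_ names, the recording handler and copy_with_handler() are assumptions of this example; a real program would register its handler with the library's own set_constraint_handler_s().

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Model of the TR 24731-1 handler mechanism (model_ prefix avoids clashing with a real Annex K library; int stands in for errno_t). */
typedef void (*model_constraint_handler_t)(const char *msg, void *ptr, int error);
/* Default handler: implementation-defined in the TR; this model aborts. */
static void model_abort_handler(const char *msg, void *ptr, int error) {
    (void)ptr;
    fprintf(stderr, "runtime-constraint violation: %s (error %d)\n", msg, error);
    abort();
}
static model_constraint_handler_t current_handler = model_abort_handler;
/* Registers a handler and returns the previous one; NULL reinstates the default. */
model_constraint_handler_t model_set_constraint_handler_s(model_constraint_handler_t h) {
    model_constraint_handler_t prev = current_handler;
    current_handler = h ? h : model_abort_handler;
    return prev;
}
/* strcpy_s-style copy: a violation calls the handler with the three Section 6.6.1 arguments; if the handler returns, the function returns nonzero. */
int model_strcpy_s(char *dest, size_t destsz, const char *src) {
    if (dest == NULL || destsz == 0 || src == NULL) {
        if (dest != NULL && destsz > 0) dest[0] = '\0';
        current_handler("model_strcpy_s: null pointer or zero size", NULL, EINVAL);
        return EINVAL;
    }
    if (strlen(src) >= destsz) {
        dest[0] = '\0';
        current_handler("model_strcpy_s: source does not fit in dest", NULL, ERANGE);
        return ERANGE;
    }
    memcpy(dest, src, strlen(src) + 1);
    return 0;
}
/* Application handler (assumed): records the violation and returns, so the caller gets the failure code instead of an implementation-defined abort. */
static int last_error;
static void recording_handler(const char *msg, void *ptr, int error) {
    (void)msg; (void)ptr;
    last_error = error;
}
int last_violation_error(void) { return last_error; }
/* Install the handler around the call, then restore whatever was registered. */
int copy_with_handler(char *dest, size_t destsz, const char *src) {
    model_constraint_handler_t old = model_set_constraint_handler_s(recording_handler);
    int result = model_strcpy_s(dest, destsz, src);
    model_set_constraint_handler_s(old);
    return result;
}
```

With the recording handler installed, an oversized source yields ERANGE and an empty destination rather than program termination; with no handler registered, the same call reaches the aborting default.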

Noncompliant Code Example (TR24731-1)

...

This results in inconsistent behavior across implementations and possible termination of the program instead of a graceful exit. The implementation-defined default handler performs a default action consistent with a particular implementation. However, this may not be the desired action, and because the behavior is implementation-defined, it is not guaranteed to be the same on all implementations.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

This rule appears in the CERT C++ Secure Coding Standard as ERR03-CPP. Use runtime-constraint handlers when calling functions defined by TR24731-1.

Bibliography

[ISO/IEC TR 24731-1:2007] Section 6.1.4, "Runtime-constraint violations," and Section 6.6.1, "Runtime-constraint handling"
[MSDN] "Parameter Validation," http://msdn.microsoft.com/en-us/library/ksazx244.aspx

...