Versions Compared

Comment: Expanded on the first noncompliant example.

...

In this noncompliant code example, the addresses of the POSIX® functions getuid and geteuid are compared against 0 instead of their return values. Because no function has a null address, the first subexpression (getuid == 0) always evaluates to false (zero) and the second subexpression (geteuid != 0) always evaluates to true (nonzero). Consequently, the entire condition is always true, the "root only" block executes for every user, and the privilege check is silently defeated.

/* First the options that are only allowed for root */
if (getuid == 0 || geteuid != 0) {
  /* ... */
}
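The following is an added example (not code from the CERT standard itself) that places the noncompliant comparison beside the corrected form, where getuid and geteuid are actually called and their return values are checked. The helper root_only_branch_for is an assumed name introduced here so the corrected logic can be exercised with constructed uid values rather than the caller's real identity; each function returns nonzero when the "root only" block would execute.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Noncompliant: mirrors the example above. Both operands are function
 * addresses, never null, so this always returns 1 regardless of who runs it. */
int root_only_branch_noncompliant(void) {
    return (getuid == 0 || geteuid != 0);
}

/* Compliant logic, parameterized over the real and effective uid so it can be
 * checked with constructed values (hypothetical helper, not in the standard). */
int root_only_branch_for(uid_t uid, uid_t euid) {
    return (uid == 0 || euid != 0);
}

/* Compliant: the functions are called, and their results are compared. */
int root_only_branch_compliant(void) {
    return root_only_branch_for(getuid(), geteuid());
}

int main(void) {
    printf("noncompliant check taken: %d\n", root_only_branch_noncompliant());
    printf("compliant check taken:    %d\n", root_only_branch_compliant());
    return 0;
}
```

Compiling the noncompliant form with GCC's -Wall (specifically -Waddress) produces a warning that the address of getuid will never be NULL; treating that warning as an error in the build is a cheap way to catch this class of defect before review.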

Noncompliant Code Example

...