Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

All integer values originating from untrusted sources should be evaluated to determine whether there are identifiable upper and lower bounds. If so, these limits should be enforced by the interface. Anything that can be done to limit the input of excessively large or small integers should help prevent overflow and other type range errors. Furthermore, it is easier to find and correct input problems than it is to trace internal errors back to faulty inputs.

Risk Assessment

Integer behavior in C is relatively complex, and it is easy to make subtle errors that turn into exploitable vulnerabilities. While not strictly necessary, using a secure integer library can provide an encapsulated solution against these errors.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

INT04-A

2 (medium)

2 (probable)

1 (high)

P4

L3

...