...
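```c
#include <string.h>

void login(char *usr, char *pw) {
  /* User is dereferenced with -> below, so it must be a pointer type. */
  User user = find_User(usr);
  /* strcmp returns 0 when the strings are equal; test for 0 explicitly. */
  if (strcmp(user->password, pw) == 0) {
    grantAccess();
  } else {
    denyAccess("Incorrect Password");
  }
}
```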
References
[1] "Should I return TRUE / FALSE values from a C function?"
[2] "The strcmp function"
Risk Assessment
Code which does not conform to the common practices presented will be difficult to maintain. Bugs may easily arise when modifying helper functions which evaluate true/false or success/failure. Bugs may also easily arise when modifying code that tests for equality using a comparison function that obeys the same conventions as standard library functions like strcmp.
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP20-C | medium | probable | low | P8 | L2 |
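
The failure mode described in the risk assessment, shown as an added example that is not part of the original page: a status-style helper (0 on success) and `strcmp` (0 on equality) are tested implicitly in one function and explicitly in the other. `stored_pw`, `validate_length`, `login_implicit` and `login_explicit` are hypothetical names, and the sample passwords are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data; all names in this block are hypothetical. */
static const char *stored_pw = "s3cret-sample";

/* Status convention: returns 0 on success, -1 on failure. */
static int validate_length(const char *pw) {
    return strlen(pw) >= 8 ? 0 : -1;
}

/* Implicit tests: the conditions read as "if valid" and "if equal",
 * but -1 (failure) and a nonzero strcmp result (mismatch) are both
 * true in C, so the logic is inverted. */
static bool login_implicit(const char *pw) {
    if (pw == NULL) {
        return false;
    }
    if (validate_length(pw) && strcmp(stored_pw, pw)) {
        return true;   /* reached for a short, wrong password */
    }
    return false;      /* reached for the correct password */
}

/* Explicit tests: each call is compared against the value its own
 * convention defines as success or equality. */
static bool login_explicit(const char *pw) {
    if (pw == NULL) {
        return false;
    }
    if (validate_length(pw) != 0) {
        return false;
    }
    return strcmp(stored_pw, pw) == 0;
}

int main(void) {
    const char *samples[] = { "short", "wrong-but-long", "s3cret-sample" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-16s implicit=%d explicit=%d\n", samples[i],
               login_implicit(samples[i]), login_explicit(samples[i]));
    }
    return 0;
}
```
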
References
[1] "Should I return TRUE / FALSE values from a C function?" http://stackoverflow.com/questions/559061/should-i-return-true-false-values-from-a-c-function
[ISO/IEC 9899:1999]