...

Another possibility is to provide your own implementation of strtok() that does not modify the initial arguments.
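One way to write such a non-modifying tokenizer, as an added example that is not the CERT page's own code (the names next_token and count_tokens are assumptions): the caller supplies an output buffer, the source string is only read, so it may be a string literal or a const string, and the delimiter that ended each token stays in place.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy the next token from *cursor into out (NUL-terminated, at most outsz-1
   characters), skipping leading delimiters, then advance *cursor past the token
   and the single delimiter that ended it. Returns out, or NULL when no token
   remains. The source string is never written to, unlike with strtok(). */
const char *next_token(const char **cursor, const char *delims,
                       char *out, size_t outsz) {
    const char *p = *cursor;
    if (p == NULL || out == NULL || outsz == 0) return NULL;
    p += strspn(p, delims);                      /* skip leading delimiters */
    if (*p == '\0') { *cursor = p; return NULL; }
    size_t len = strcspn(p, delims);             /* token length in the source */
    size_t n = len < outsz - 1 ? len : outsz - 1; /* truncate to fit the buffer */
    memcpy(out, p, n);
    out[n] = '\0';
    p += len;
    if (*p != '\0') p++;                         /* step over one delimiter */
    *cursor = p;
    return out;
}

/* Count the tokens in s without modifying s. */
size_t count_tokens(const char *s, const char *delims) {
    char buf[64];
    size_t count = 0;
    const char *cur = s;
    while (next_token(&cur, delims, buf, sizeof buf) != NULL) count++;
    return count;
}

int main(void) {
    /* Constructed sample input: a string literal, which strtok() must never touch. */
    const char *path = "/usr/local/bin:/usr/bin:/bin";
    const char *cur = path;
    char tok[32];
    while (next_token(&cur, ":", tok, sizeof tok) != NULL)
        printf("token: %s\n", tok);
    printf("source unchanged: %s\n", path);
    return 0;
}
```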

Risk Assessment

To quote the Linux Programmer's Manual (man) page on strtok(3) [Linux 07]:

Never use this function. This function modifies its first argument. The identity of the delimiting character is lost. This function cannot be used on constant strings.

...

Recommendation   Severity      Likelihood      Remediation Cost   Priority   Level
STR06-A          2 (medium)    2 (probable)    3 (low)            P12        L1

Automated Detection

Fortify SCA Version 5.0 is able to detect violations of this recommendation.

...

[ISO/IEC 9899-1999] Section 7.21.5.8, "The strtok function"
[Linux 07] Unix man page strtok(3), http://www.kernel.org/doc/man-pages/online/pages/man3/strtok.3.html

...
