...
```c
char myFilename[1000];
char const elimNewLn[] = "\n";
fgets(myFilename, sizeof(myFilename)-1, stdin);
myFilename[sizeof(myFilename)-1] = '\0';
/* Strip the trailing newline; no other character of the name is checked. */
myFilename[strcspn(myFilename, elimNewLn)] = '\0';
```
This example is borrowed in spirit from FIO30-C, "Exclude user input from format strings," except that the newline is removed on the assumption that fgets will include it. No checks are performed on the filename to prevent troublesome characters. If an attacker knew this code was in a program used to create or rename files that would later be used in a script or automated process of some sort, they could choose particular characters in the output filename to confuse the later process for malicious purposes.
...
```c
char myFilename[1000];
char const elimNewln[] = "\n";
char const badChars[] = "-\n\r ,;'\\<\"";
do
{
  if (fgets(myFilename, sizeof(myFilename)-1, stdin) == NULL)
  {
    /* EOF or read error: stop prompting and leave an empty name. */
    myFilename[0] = '\0';
    break;
  }
  myFilename[sizeof(myFilename)-1] = '\0';
  myFilename[strcspn(myFilename, elimNewln)] = '\0';
  /* Read again while the name contains any character from badChars. */
} while (strcspn(myFilename, badChars) < strlen(myFilename));
```
In this solution, the program does not accept a filename that violates the guidelines above: it reads again until the name contains none of the characters in badChars. As the solution shows, you will probably have to find, by hand, each place in the code where a user is allowed to specify a filename and apply a similar check there.
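Because the same check has to be repeated wherever a filename is read, it can be factored into one routine. The following is an added example, not code from the original page: the names `filename_is_acceptable` and `read_filename` are hypothetical, the deny-list is the page's `badChars`, and it goes beyond the snippet above by also rejecting empty names and lines too long for the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Deny-list copied from the compliant solution on this page. */
static const char badChars[] = "-\n\r ,;'\\<\"";

/* Returns 1 if name is non-empty and contains none of badChars, else 0. */
int filename_is_acceptable(const char *name)
{
  size_t len = strlen(name);
  return len > 0 && strcspn(name, badChars) == len;
}

/* Reads one line from in into buf (newline removed).
 * Returns 1 if the name is acceptable, 0 if rejected, -1 on EOF or error. */
int read_filename(FILE *in, char *buf, size_t size)
{
  size_t len;
  int c, overflow = 0;

  if (size < 2 || fgets(buf, (int)size, in) == NULL)
    return -1;
  len = strcspn(buf, "\n");
  if (buf[len] != '\n' && len == size - 1) {
    /* Buffer is full with no newline: drain the rest of the line so the
     * tail is not taken as the next filename, and reject if there was one. */
    while ((c = fgetc(in)) != EOF && c != '\n')
      overflow = 1;
  }
  buf[len] = '\0';
  return overflow ? 0 : filename_is_acceptable(buf);
}

int main(void)
{
  char myFilename[1000];
  int rc;

  /* Re-prompt until a name passes, as the page's do/while loop does. */
  while ((rc = read_filename(stdin, myFilename, sizeof(myFilename))) == 0)
    fputs("rejected, try again\n", stderr);
  if (rc < 0)
    return 1;
  printf("accepted: %s\n", myFilename);
  return 0;
}
```

Distinguishing EOF (-1) from a rejected name (0) lets the caller stop prompting when input ends instead of looping on a stale buffer.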
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC09-A | 1 (low) | 1 (unlikely) | 3 (low) | P3 | L3 |
Automated Detection
The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.
Related Rules and Recommendations
...