The C99 [ISO/IEC 9899:1999] function strtok() is a string tokenization function that takes two arguments: the string to be parsed and a const-qualified string of delimiter characters. It returns a pointer to the first character of a token, or a null pointer if there is no token.

The first time strtok() is called with a non-null first argument, it skips any leading delimiter characters, scans the string up to the next delimiter character, replaces that character in place with a null byte ('\0'), and returns the address of the first character of the token. Subsequent calls with a null pointer as the first argument resume parsing immediately after the most recently placed null character. The parse position is kept in static internal state, so only one string can be tokenized at a time, and the delimiter character that was overwritten cannot be recovered from the string.

...

Another possibility is to provide your own tokenizer with the same interface that does not modify its input. Note that strtok_r() (POSIX) and strtok_s() (C11 Annex K) are not such replacements: they remove strtok()'s static state by taking an explicit save pointer, but they still write null bytes over the delimiters in the caller's string.
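The following is an added illustration of the points above; it is not code from the original page or from CERT. It shows the noncompliant pattern (strtok() on the caller's buffer, with a helper that counts how many bytes it overwrote), the compliant fix of tokenizing a private copy, and a non-destructive tokenizer in the spirit of "your own implementation". All function names and the sample PATH-style string are my own constructions, not anything the rule itself names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Noncompliant pattern: strtok() overwrites each delimiter it finds in buf
 * with '\0', so the caller's string is changed. Returns the token count. */
size_t count_tokens_in_place(char *buf, const char *delim)
{
    size_t n = 0;
    for (char *tok = strtok(buf, delim); tok != NULL; tok = strtok(NULL, delim)) {
        n++;
    }
    return n;
}

/* Measures the damage: tokenizes a scratch copy of s with strtok() and
 * returns how many bytes of the copy differ from s afterwards (one per
 * delimiter that was turned into a null byte). Leading delimiters are
 * skipped, not overwritten, so they are not counted. */
size_t bytes_changed_by_strtok(const char *s, const char *delim)
{
    size_t len = strlen(s);
    char *copy = malloc(len + 1);
    if (copy == NULL) {
        return 0;
    }
    memcpy(copy, s, len + 1);
    (void)count_tokens_in_place(copy, delim);
    size_t changed = 0;
    for (size_t i = 0; i < len; i++) {
        if (copy[i] != s[i]) {
            changed++;
        }
    }
    free(copy);
    return changed;
}

/* Compliant: tokenize a private copy so the original survives intact.
 * Returns the token count, or (size_t)-1 if the copy cannot be allocated. */
size_t count_tokens_copy(const char *s, const char *delim)
{
    size_t len = strlen(s);
    char *copy = malloc(len + 1);
    if (copy == NULL) {
        return (size_t)-1;
    }
    memcpy(copy, s, len + 1);
    size_t n = count_tokens_in_place(copy, delim);
    free(copy);
    return n;
}

/* Alternative: a tokenizer that never writes to its input. The caller owns
 * the cursor, so it is reentrant and usable on const strings. Returns the
 * token start and stores its length in *len; returns NULL when no tokens
 * remain. The delimiter that ended the token stays in place and the cursor
 * is left pointing at it. */
const char *next_token(const char **cursor, const char *delim, size_t *len)
{
    const char *p = *cursor + strspn(*cursor, delim); /* skip leading delimiters */
    if (*p == '\0') {
        *cursor = p;
        *len = 0;
        return NULL;
    }
    *len = strcspn(p, delim); /* token runs up to the next delimiter or NUL */
    *cursor = p + *len;
    return p;
}

size_t count_tokens_nondestructive(const char *s, const char *delim)
{
    const char *cursor = s;
    size_t len;
    size_t n = 0;
    while (next_token(&cursor, delim, &len) != NULL) {
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample input; not taken from the original page. */
    const char path[] = "/usr/local/bin:/usr/bin:/bin";
    char work[sizeof path];
    memcpy(work, path, sizeof path);

    printf("tokens via strtok: %zu\n", count_tokens_in_place(work, ":"));
    printf("buffer afterwards: \"%s\"  (%zu delimiter(s) lost)\n",
           work, bytes_changed_by_strtok(path, ":"));
    printf("tokens via copy:   %zu, original still \"%s\"\n",
           count_tokens_copy(path, ":"), path);

    const char *cursor = path;
    size_t len;
    for (const char *t = next_token(&cursor, ":", &len); t != NULL;
         t = next_token(&cursor, ":", &len)) {
        printf("non-destructive token: %.*s\n", (int)len, t);
    }
    return 0;
}
```

After count_tokens_in_place() the buffer reads only "/usr/local/bin" when printed as a C string: the two colons are now null bytes and the rest of the path is unreachable through the original pointer. The non-destructive tokenizer returns (pointer, length) pairs instead of null-terminated tokens, which is the price of leaving the input untouched; callers that need a C string must copy the token out.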

Risk Assessment

The Linux Programmer's Manual (man) page on strtok(3) [Linux 2008] states:

Never use this function. This function modifies its first argument. The identity of the delimiting character is lost. This function cannot be used on constant strings.

...

Tool             | Version | Checker | Description
-----------------|---------|---------|---------------------------------------------------------
LDRA tool suite  |         | 602 S   | Fully Implemented
Fortify SCA      | V. 5.0  |         | Can detect violations of this rule with CERT C Rule Pack
Compass/ROSE     |         |         |

...

MITRE CWE: CWE-464, "Addition of Data Structure Sentinel"

Bibliography

[Linux 2008] strtok(3), http://www.kernel.org/doc/man-pages/online/pages/man3/strtok.3.html

...
