The C99 [ISO/IEC 9899:1999] function strtok() is a string tokenization function that takes two arguments: an initial string to be parsed and a const-qualified string of delimiter characters. It returns a pointer to the first character of a token, or a null pointer if there is no token.
The first time strtok() is called, it is passed the string to be parsed and the delimiter characters. The strtok() function parses the string up to the first instance of a delimiter character, replaces that character in place with a null byte ('\0'), and returns the address of the first character in the token. Subsequent calls to strtok() (with a null pointer as the first argument) begin parsing immediately after the most recently placed null character.
...
Another possibility is to provide your own implementation of strtok() that does not modify the initial arguments.
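The following added example (not code from the original page or from the CERT standard) shows both halves of the point above: first that strtok() overwrites delimiter characters in its argument with null bytes, so a caller that later reuses the buffer sees a truncated string, and then a small non-modifying tokenizer built on strspn()/strcspn() that works on const strings and preserves the delimiters. The helper names count_tokens_strtok(), next_token(), count_tokens_const() and strtok_altered_buffer() are hypothetical, and the input string is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Tokenize buf with strtok() and return the number of tokens found.
   Side effect: every delimiter that ends a token is overwritten with '\0',
   so buf no longer holds the original string afterwards. */
size_t count_tokens_strtok(char *buf, const char *delims) {
    size_t n = 0;
    for (char *tok = strtok(buf, delims); tok != NULL; tok = strtok(NULL, delims)) {
        n++;
    }
    return n;
}

/* Non-modifying alternative (hypothetical helper, not a standard function).
   Starting at *cursor, skips leading delimiters, stores the start of the next
   token in *tok_start, advances *cursor to the character just past the token,
   and returns the token length. Returns 0 (and sets *tok_start to NULL) when
   no token remains. The input is never written to, so it may be a string
   literal or any other const string, and the delimiters stay in place. */
size_t next_token(const char **cursor, const char *delims, const char **tok_start) {
    const char *p = *cursor;
    p += strspn(p, delims);           /* skip leading delimiters */
    if (*p == '\0') {
        *cursor = p;
        *tok_start = NULL;
        return 0;
    }
    size_t len = strcspn(p, delims);  /* token runs until the next delimiter */
    *tok_start = p;
    *cursor = p + len;
    return len;
}

/* Count tokens without modifying s. */
size_t count_tokens_const(const char *s, const char *delims) {
    size_t n = 0;
    const char *cur = s;
    const char *tok;
    while (next_token(&cur, delims, &tok) > 0) {
        n++;
    }
    return n;
}

/* Returns 1 if running strtok() over a copy of a constructed sample string
   changed the buffer contents, 0 otherwise. */
int strtok_altered_buffer(void) {
    char buf[] = "alpha beta,gamma";   /* constructed sample input */
    char original[sizeof buf];
    memcpy(original, buf, sizeof buf);
    count_tokens_strtok(buf, " ,");
    return memcmp(buf, original, sizeof buf) != 0;
}

int main(void) {
    const char *delims = " ,";
    char buf[] = "alpha beta,gamma";   /* constructed sample input */

    printf("before strtok(): \"%s\"\n", buf);
    printf("strtok() found %zu tokens\n", count_tokens_strtok(buf, delims));
    /* Only the first token is visible through buf now: the space after
       "alpha" has become '\0'. */
    printf("after strtok():  \"%s\"\n", buf);

    /* The non-modifying tokenizer can walk a string literal and print each
       token with an explicit length, leaving the input intact. */
    const char *input = "alpha beta,gamma";
    const char *cur = input;
    const char *tok;
    size_t len;
    while ((len = next_token(&cur, delims, &tok)) > 0) {
        printf("token: \"%.*s\"\n", (int)len, tok);
    }
    printf("input is still: \"%s\"\n", input);
    return 0;
}
```

Because next_token() reports tokens as (pointer, length) pairs instead of null-terminating them, the caller prints or copies them with an explicit length; that is the price of leaving the source string untouched, and it also keeps the tokenizer reentrant, since all state lives in the caller's cursor rather than in a hidden static pointer.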
Risk Assessment
The Linux Programmer's Manual (man) page on strtok(3) [Linux 2008] states:
Never use this function. This function modifies its first argument. The identity of the delimiting character is lost. This function cannot be used on constant strings.
...
Tool | Version | Checker | Description
---|---|---|---
...
MITRE CWE: CWE-464, "Addition of Data Structure Sentinel"
Bibliography
[Linux 2008] strtok(3), http://www.kernel.org/doc/man-pages/online/pages/man3/strtok.3.html
...