
...

Because length is user controlled, an attacker can supply a value that causes a very large block of memory to be allocated or causes the call to malloc() to fail. Depending on how that failure is handled, the result may be a denial of service or some other error.

Compliant Solution

This compliant solution defines the acceptable range for length as [1, MAX_TABLE_LENGTH]. The length variable is declared as size_t, which is unsigned by definition, so it does not need to be checked for negative values. (See recommendation INT01-C. Use rsize_t or size_t for all integer values representing the size of an object.) Note that strtoul() still accepts a string such as "-1": it negates the parsed magnitude in unsigned arithmetic and returns ULONG_MAX, and it is the upper-bound check, not the type, that rejects such a value.

```c
#include <stdlib.h>   /* getenv, strtoul, malloc */

enum { MAX_TABLE_LENGTH = 256 };

char** create_table(void) {
  const char* const lenstr = getenv("TABLE_SIZE");
  /* Untrusted input: an unset variable yields 0, which is rejected below */
  const size_t length = lenstr ? strtoul(lenstr, NULL, 10) : 0;

  /* Enforce the range [1, MAX_TABLE_LENGTH] before the value reaches malloc() */
  if (length == 0 || length > MAX_TABLE_LENGTH)
    return NULL;   /* indicate error to caller */

  /* Cannot overflow: length is at most MAX_TABLE_LENGTH */
  const size_t table_size = length * sizeof(char *);
  char** const table = (char **)malloc(table_size);

  if (table == NULL)
    return NULL;   /* indicate error to caller */

  /* initialize table... */
  return table;
}
```
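The compliant solution relies on the range check alone to catch everything strtoul() lets through: a leading minus sign (which wraps to ULONG_MAX), trailing garbage such as "12abc" (silently truncated to 12), and overflow (ULONG_MAX with errno set to ERANGE). The following is an added example, not code from the CERT page, showing how a practitioner would validate the same untrusted string explicitly with the endptr and errno forms of strtoul() so that malformed input is rejected rather than coerced into a number; the function names parse_table_length, checked_table_length and create_table_from are assumptions introduced here.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

enum { MAX_TABLE_LENGTH = 256 };

/* Parse an untrusted decimal string into a table length in [1, MAX_TABLE_LENGTH].
 * Returns true and stores the value in *out on success; false on any defect.
 * (Hypothetical helper added for this example.) */
bool parse_table_length(const char *s, size_t *out) {
  if (s == NULL || *s == '\0')
    return false;                       /* unset or empty variable */

  /* strtoul() skips leading whitespace and accepts a '+' or '-' sign, negating
   * the magnitude in unsigned arithmetic; require a plain digit up front. */
  if (!isdigit((unsigned char)*s))
    return false;

  errno = 0;
  char *end = NULL;
  unsigned long v = strtoul(s, &end, 10);

  if (errno == ERANGE)
    return false;                       /* magnitude exceeds unsigned long */
  if (*end != '\0')
    return false;                       /* trailing garbage such as "12abc" */
  if (v == 0 || v > MAX_TABLE_LENGTH)
    return false;                       /* enforce the range [1, MAX_TABLE_LENGTH] */

  *out = (size_t)v;
  return true;
}

/* The validated length, or 0 if the string is rejected. */
size_t checked_table_length(const char *s) {
  size_t n = 0;
  return parse_table_length(s, &n) ? n : 0;
}

/* Allocate a zero-initialised table sized from an untrusted string; NULL on error.
 * calloc() is used so the element count and size are multiplied with overflow checking. */
char **create_table_from(const char *lenstr) {
  size_t length;
  if (!parse_table_length(lenstr, &length))
    return NULL;
  return calloc(length, sizeof(char *));
}

int main(void) {
  /* Constructed inputs standing in for the TABLE_SIZE environment variable */
  const char *samples[] = { "16", "256", "0", "257", "-1", "12abc", " 5", "" };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
    char **t = create_table_from(samples[i]);
    printf("\"%s\" -> %s\n", samples[i], t ? "accepted" : "rejected");
    free(t);
  }
  return 0;
}
```

The explicit checks make the failure modes visible at the point of parsing instead of depending on a later bound check to absorb them, which matters when the bound is relaxed or the parsed value is reused elsewhere before it is range-checked.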

...

CERT C++ Secure Coding Standard: INT04-CPP. Enforce limits on integer values originating from untrusted sources


...
