Macros are frequently used in the remediation of existing code to globally replace one identifier with another, for example, when an existing API changes. Although some risk is always involved, this practice becomes particularly dangerous if a function name is replaced with the name of a deprecated or obsolescent function. Deprecated functions are defined by the C standard and Technical Corrigenda. Obsolescent functions are defined by rule MSC34-C. Do not use deprecated or obsolete functions.
...
The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) contained a vulnerability that introduced several potential buffer overflow conditions [VU#654390]. ISC DHCP makes use of the vsnprintf() function for writing various log file strings; vsnprintf() is defined in the Open Group Base Specifications Issue 6 [Open Group 2004] as well as in C11 [ISO/IEC 9899:2011]. For systems that do not support vsnprintf(), a C include file was created that defines the vsnprintf() function in terms of vsprintf(), as shown in this noncompliant code example:
```c
#define vsnprintf(buf, size, fmt, list) \
vsprintf(buf, fmt, list)
```
...
```c
#include <stdio.h>
#ifndef __USE_ISOC99
/* reimplements vsnprintf() */
#include "my_stdio.h"
#endif
```
...
Replacing secure functions with less secure functions is a very risky practice because developers can easily be fooled into trusting the function to perform a security check that is, in fact, absent. This may be a concern, for example, as developers attempt to adopt more secure functions, such as the ISO/IEC TR 24731-1 functions, which might not be available on all platforms. (See recommendation STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code.)
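Added example (not code from the CERT page or from ISC DHCP): a bounded log-line formatter that uses vsnprintf() as intended and reports truncation instead of overflowing, preceded by a preprocessor check that refuses to build if vsnprintf has been redefined as a macro, as the noncompliant header above does. The function name format_log_line and the sample log arguments are constructed for this illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Build-time check: if a compatibility header has redefined vsnprintf as a
 * macro (for example, mapping it onto vsprintf), the size argument would be
 * discarded silently. Refuse to compile rather than log with an unbounded write.
 */
#ifdef vsnprintf
#error "vsnprintf is a macro here; the bounded interface cannot be trusted"
#endif

/*
 * Format a log line into buf (bufsize bytes). Always NUL-terminates when
 * bufsize > 0. Returns 0 on success, 1 if the output was truncated to fit,
 * and -1 on a formatting error or an unusable buffer.
 */
int format_log_line(char *buf, size_t bufsize, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || bufsize == 0) {
        return -1;
    }
    va_start(ap, fmt);
    n = vsnprintf(buf, bufsize, fmt, ap); /* at most bufsize-1 chars plus NUL */
    va_end(ap);
    if (n < 0) {
        buf[0] = '\0';
        return -1;
    }
    /* vsnprintf returns the length that would have been written in full,
       so a value >= bufsize means the line was cut short. */
    return ((size_t)n >= bufsize) ? 1 : 0;
}

int main(void)
{
    char line[16]; /* constructed: deliberately small log buffer */
    int rc = format_log_line(line, sizeof line,
                             "client %s sent %d bytes", "10.0.0.7", 65536);
    printf("rc=%d line=\"%s\"\n", rc, line); /* rc=1 line="client 10.0.0.7" */
    return 0;
}
```

With the noncompliant macro in scope, the same source would fail at the #error line instead of compiling into an unbounded vsprintf() call.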
...
CERT C++ Secure Coding Standard: PRE09-CPP. Do not replace secure functions with less secure functions
ISO/IEC 9899:2011 Section 7.21.6.12, "The vsnprintf function"
ISO/IEC TR 24772 "XYS Executing or Loading Untrusted Code"
MITRE CWE: CWE-684, "Failure to Provide Specified Functionality"
Bibliography
[Open Group 2004] vsnprintf()
[Seacord 2005a] Chapter 6, "Formatted Output"
[VU#654390]
...