SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 22

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version 23

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Wiki MarkupThe managed string library described in \ [[Burch 2006|AA. Bibliography#Burch06] \] was developed in response to the need for a string library that could improve the quality and security of newly developed C language code while eliminating obstacles to widespread adoption and possible standardization.

The managed string library is based on a dynamic approach in which memory is allocated and reallocated as required. This approach eliminates the possibility of unbounded copies, null-termination errors, and truncation by ensuring there is always adequate space available for the resulting string (including the terminating null character).

...

Code Block
errno_t retValue;
char *cstr;  /* pointer to null-terminated byte string */
string_mx *str1 = NULL;

retValue = strcreate_m(&str1, "hello, world", 0, NULL);
if (retValue != 0) {
  fprintf(stderr, "Error %d from strcreate_m.\n", retValue);
}
else { /* retrieve null-terminated byte string and print */
  retValue = getstr_m(&cstr, str1);
  if (retValue != 0) {
    fprintf(stderr, "error %d from getstr_m.\n", retValue);
  }
  printf("(%s)\n", cstr);
  free(cstr); /* free null-terminated byte string */
  cstr = NULL;
}

...

Note   that   the   calls   to  {{fprintf()}}  and  {{printf()}}  are   C99  \[ [ISO/IEC   9899:1999|AA. Bibliography#ISO/IEC 9899-1999] \]  standard   functions   and   not   managed   string   functions.
The forthcoming technical report ISO/IEC TR 24731-2 will also provide an API that dynamically allocates the results of string functions as needed.
Risk Assessment
...
String   handling   functions   defined   in   C99  \[ [ISO/IEC   9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\],   Section   7.21   and   elsewhere   are   susceptible   to   common   programming   errors   that   can   lead   to   serious,   exploitable  [vulnerabilities|BB.  Definitions#vulnerability].  Managed   strings,   when   used   properly,   can   eliminate   many   of   these   errors,   particularly   in   new   development.
 Recommendation 
 Severity 
 Likelihood 
 Remediation Cost 
 Priority 
 Level 
 STR08-C 
 high 
 probable 
 high 
 P6 
 L2 
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
ISO/IEC 9899:1999 Section 7.21, "String handling <string.h>"
Bibliography
 Wiki Markup\[[Burch   2006|AA. Bibliography#Burch06]\]
\[]
 [CERT   2006c|AA. Bibliography#CERT 06c]\]
\[[Seacord 2005a|AA. Bibliography#Seacord 05a]\] Chapter 2, ]
 [Seacord 2005a] Chapter 2, "Strings"
...
STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code      07. Characters and Strings (STR)