SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 75

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 76

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

An application programming interface (API) specifies how a function is intended to be called. Calling a function with incorrect arguments can result in unexpected or unintended program behavior. Functions that are appropriately declared (see as in guideline DCL07-C. Include the appropriate type information in function declarators) will typically fail compilation if they are supplied with the wrong number or types of arguments. However, there are cases where supplying the incorrect arguments to a function will at best generate compiler warnings. These warnings should be resolved (see but do not prevent program compilation.(See guideline MSC00-C. Compile cleanly at high warning levels.) but do not prevent program compilation.

Noncompliant Code Example (Function Pointers)

...

Wiki Markup
The POSIX function {{open()}} \[[Open Group 042004|AA. Bibliography#Open Group 04]\] is a variadic function with the following prototype:

...

The open() function accepts a third argument to determine a newly created file's access mode. If open() is used to create a new file and the third argument is omitted, the file may be created with unintended access permissions. (see See guideline FIO06-C. Create files with appropriate access permissions.).

In this noncompliant code example from a vulnerability in the useradd() function of the shadow-utils package CVE-2006-1174 , the third argument to open() has been accidentally omitted.

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP37-C

medium

probable

high

P4

L3

Automated Detection

Tool

Version

Checker

Description

...

Section

GCC

Include Page
c:GCC_V
c:GCC_V

 

Section

can detect violation of this rule when the -Wstrict-prototypes flag is used. However, it cannot detect violations involving variadic functions, such as the open() example described earlier.

Section

Compass/ROSE

 

 

Section

can detect some violations of this rule. In particular, it ensures that all calls to open() supply exactly two arguments if the second argument does not involve O_CREAT, and exactly three arguments if the second argument does involve O_CREAT.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as : EXP37-CPP. Call variadic functions with the arguments intended by the API.

Bibliography

Wiki Markup
\[[CVE|AA. Bibliography#CVE]\] [CVE-2006-1174 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174]
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Forward and Section 6.9.1, "Function definitions"
\[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "OTR Subprogram Signature Mismatch"
\[[MISRA 042004|AA. Bibliography#MISRA 04]\] Rule 16.6
\[[MITRE 072007|AA. Bibliography#MITRE 07]\] [CWE ID 628|http://cwe.mitre.org/data/definitions/628.html], "Function Call with Incorrectly Specified Arguments"
\[[Spinellis 062006|AA. Bibliography#Spinellis 06]\] Section 2.6.1, "Incorrect Routine or Arguments"

...