SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 48

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 49

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Macros are frequently used in the remediation of existing code to globally replace one identifier with another, for example, when an existing API changes. While there is always some risk involved, this practice becomes particularly dangerous if a function name is replaced with the function name of a deprecated or obsolescent functions. Deprecated functions are defined by the C99 standard and Technical Corrigenda. Obsolescent functions are defined by guideline MSC34-C. Do not use deprecated or obsolescent functions.

While compliance with guideline MSC34-C. Do not use deprecated or obsolescent functions guarantees compliance with this guideline, this recommendation emphasizes the extremely risky and deceptive practice or of replacing functions with less secure alternatives.

...

Wiki Markup
The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) contained a vulnerability that introduced several potential buffer overflow conditions [VU#654390]. ISC DHCP makes use of the {{vsnprintf()}} function for writing various log file strings, which is defined in the Open Group Base Specifications Issue 6 \[[Open Group 042004|AA. Bibliography#Open Group 04]\] as well as C99 \[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\]. For systems that do not support {{vsnprintf()}}, a C include file was created that defines the {{vsnprintf()}} function to {{vsprintf()}}, as shown in this noncompliant code example:

...

Replacing secure functions with less secure functions is a very risky practice , because developers can be easily fooled into trusting the function to perform a security check that is absent. This may be a concern, for example, as developers attempt to adopt more secure functions, like the ISO/IEC TR 24731-1 functions (see that might not be available on all platforms. (See guideline STR07-C. Use TR 24731 for remediation of existing string manipulation code) that might not be available on all platforms..)

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

PRE09-C

high

likely

medium

P18

L1

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as : PRE09-CPP. Do not replace secure functions with less secure functions.

Bibliography

Wiki Markup
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 7.19.6.12, "The {{vsnprintf}} function"
\[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "XYS Executing or Loading Untrusted Code"
\[[MITRE 072007|AA. Bibliography#MITRE 07]\] [CWE ID 684|http://cwe.mitre.org/data/definitions/684.html], "Failure to Provide Specified Functionality"
\[[Open Group 042004|AA. Bibliography#Open Group 04]\] [{{vsnprintf()}}|http://www.opengroup.org/onlinepubs/009695399/functions/vsnprintf.html]
\[[Seacord 05a2005a|AA. Bibliography#Seacord 05]\] Chapter 6, "Formatted Output"
\[[VU#654390|AA. Bibliography#VU#654390]\]

...