...
These runtime constraint handlers mitigate some of the potential insecurity caused by in-band error indicators. See ERR02-A. Avoid in-band error indicators.
Non-Compliant Code Example
In this non-compliant example, set_constraint_handler_s() has not been called, so the implementation-defined default handler is invoked on a run-time constraint violation. This results in inconsistent behavior across implementations and possibly termination of the program instead of a graceful exit.
```c
#include <string.h>

/* No set_constraint_handler_s() call: a constraint violation inside strcpy_s()
 * invokes the implementation-defined default handler. */
int function(char *dst1, rsize_t dst1_size) {
    char src1[100] = "hello";
    /* strcpy_s() returns a nonzero errno_t on failure, never a negative value */
    if (strcpy_s(dst1, dst1_size, src1) != 0) {
        return -1;
    }
    return 0;
}
```
Compliant Code Example (TR24731-1)
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constraint handler with the signature TR24731-1 requires. */
void handle_errors(const char *msg, void *ptr, errno_t error) {
    /* define what to do when an error occurs; returning (instead of aborting)
     * lets the caller act on the failing function's error return */
    (void)ptr;
    fprintf(stderr, "runtime constraint violated: %s (%d)\n", msg, error);
}
/* ... */
/* install the handler once, before any TR24731-1 function is called */
set_constraint_handler_s(handle_errors);
/* ... */
int function(char *dst1, rsize_t dst1_size) {
    char src1[100] = "hello";
    if (strcpy_s(dst1, dst1_size, src1) != 0) {
        return -1;
    }
    return 0;
}
```
Compliant Code Example (Visual Studio 2008/.NET Framework 3.5)
```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Handler with the signature the CRT's _invalid_parameter_handler type requires. */
void handle_errors(const wchar_t* expression,
                   const wchar_t* function,
                   const wchar_t* file,
                   unsigned int line,
                   uintptr_t pReserved)
{
    /* define what to do when an error occurs; returning (instead of aborting)
     * lets the caller act on strcpy_s()'s error return */
}
/* ... */
/* install the handler once, before the secure CRT functions are used */
_set_invalid_parameter_handler(handle_errors);
/* ... */
int function(char *dst1, size_t dst1_size) {
    char src1[100] = "hello";
    if (strcpy_s(dst1, dst1_size, src1) != 0) {
        return -1;
    }
    return 0;
}
```
Risk Analysis
The TR24731-1 standard indicates that if no constraint handler is set, a default one executes when errors arise. The default handler is implementation-defined and "may cause the program to exit or abort". Therefore, installing a constraint handler prevents a program from immediately crashing.
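To make the mechanism behind the TR24731-1 compliant solution and the Risk Analysis point concrete, here is an added example that is not code from this page: a small stand-in model of set_constraint_handler_s() and strcpy_s() that runs even where the real functions are unavailable. Everything prefixed model_, plus recording_handler and demo(), is an assumed name for this illustration, and the aborting default handler stands in for whatever the implementation actually does.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Stand-in model (assumption: not the real library) of the TR 24731-1
 * constraint-handler mechanism; model_ prefix avoids clashing with Annex K. */
typedef int model_errno_t;
typedef void (*model_handler_t)(const char *msg, void *ptr, model_errno_t err);
/* Default handler stand-in: implementation-defined, here "report and abort". */
static void model_abort_handler(const char *msg, void *ptr, model_errno_t err) {
    (void)ptr; fprintf(stderr, "violation: %s (%d)\n", msg, err); abort();
}
static model_handler_t current_handler = model_abort_handler;
/* Like set_constraint_handler_s(): install h (NULL = default), return old. */
model_handler_t model_set_constraint_handler_s(model_handler_t h) {
    model_handler_t old = current_handler;
    current_handler = h ? h : model_abort_handler;
    return old;
}
/* Like strcpy_s(): on a violation, clear dest, call the handler and, if it
 * returns, report the failure through the errno_t return value. */
model_errno_t model_strcpy_s(char *dest, size_t destmax, const char *src) {
    if (dest == NULL || src == NULL || destmax == 0) {
        current_handler("strcpy_s: null pointer or zero size", dest, EINVAL);
        return EINVAL;
    }
    size_t n = 0; while (n < destmax && src[n] != '\0') n++;   /* bounded scan */
    if (n == destmax) {                          /* no room for terminator */
        dest[0] = '\0';
        current_handler("strcpy_s: source too long", dest, ERANGE);
        return ERANGE;
    }
    memcpy(dest, src, n + 1);
    return 0;
}
/* Handler that logs and returns, so the caller can recover. */
static int violations = 0;
static void recording_handler(const char *msg, void *ptr, model_errno_t err) {
    (void)ptr; violations++;
    fprintf(stderr, "handled: %s (error %d)\n", msg, err);
}
/* Copies a too-long string with recording_handler installed. Returns 1 (the
 * violation count) once strcpy_s returned ERANGE and left dst empty; with
 * the default handler the process would have aborted instead. */
int demo(void) {
    char dst[8];
    model_set_constraint_handler_s(recording_handler);
    violations = 0;
    model_errno_t rc = model_strcpy_s(dst, sizeof dst, "hello, world");
    return (rc == ERANGE && dst[0] == '\0') ? violations : -1;
}
```

Note that a handler which returns only helps if every caller checks the errno_t result, as function() in the compliant examples does; otherwise the cleared destination is the only protection left.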
...