Do not use functions that input character data and convert the character data if these functions they cannot handle all possible inputs. For example, formatted input functions such as scanf(), fscanf(), vscanf(), and vfscanf() can be used to read string data from stdin or (in the cases of fscanf() and vfscanf()) other input streamstreams. These functions work fine for valid integer values but lack robust error handling for invalid values.
| Wiki Markup |
|---|
Instead of these functionsAlternatively, tryinput inputingcharacter thedata value as a null-terminated byte string and then converting itcovert to an integer value using {{strtol()}} or a related function \[[INT06-A. Use strtol() to convert a string token to an integer]\]. |
...
| Include Page | ||||
|---|---|---|---|---|
|
Risk Assessment
While it is relatively rare for a violation of this rule to result in a security vulnerability, it could more easily result in loss or misinterpreted data.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
INT05-A | 2 (medium) | 2 (probable) | 1 (high) | P2 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[Klein 02|AA. C References#Klein 02]\] \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.1.4, "The strtol, strtoll, strtoul, and strtoull functions," and Section 7.19.6, "Formatted input/output functions" |