SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 19

changes.mady.by.user vishal patel

Saved on

compared with

New Version 20

changes.mady.by.user Shannon Haas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this noncompliant code example, the addresses of the POSIX ® functions getuid and geteuid are compared for equality to 0. Since the address of no function is null the first subexpression will always evaluate to false (zero) while the second subexpression always to true (non-zero). Thus, the entire expression will always evaluate to true, leading to a potential security vulnerability.

Code Block
bgColor#FFcccc
langc
/* First the options that are only allowed for root */
if (getuid == 0 || geteuid != 0) {
  /* ... */
}

...

This noncompliant code example is from an actual vulnerability (VU#837857) discovered in some versions of the X Window System server. The vulnerability exists because the programmer neglected to provide the open and close parentheses following the geteuid() function identifier. As a result, the geteuid token returns the address of the function, which is never equal to zero. As a result, the or condition of this if statement is always true and access is provided to the protected block for all users. Many compilers issue a warning noting such pointless expressions. Therefore, this coding error is normally detected by adherence to recommendation MSC00-C. Compile cleanly at high warning levels.

Code Block
bgColor#FFcccc
langc
/* First the options that are only allowed for root */
if (getuid() == 0 || geteuid != 0) {
  /* ... */
}

...

The solution is to provide the open and close parentheses following the geteuid token so that the function is properly invoked.

Code Block
bgColor#ccccff
langc
/* First the options that are only allowed for root */
if (getuid() == 0 || geteuid() != 0) {
  /* ... */
}

...

A function pointer can be compared to a null function pointer of the same type.

Code Block
bgColor#ccccff
langc
/* First the options that are only allowed for root */ 
if (getuid == (uid_t(*)(void))0 || geteuid != (uid_t(*)(void))0) { 
  /* ... */ 
}

...

In this noncompliant code example, the function pointer do_xyz is implicitly compared unequal to 0.

Code Block
bgColor#FFcccc
langc
int do_xyz(void); 
 
if (do_xyz) { 
  /* handle error */ 
}

...

In this compliant solution, the function do_xyz() is invoked and the return value is compared to 0.

Code Block
bgColor#ccccff
langc
int do_xyz(void); 
 
if (do_xyz()) { 
  /* handle error */ 
}

...