| Wiki Markup |
|---|
Local, automatic variables can assume unexpected values if they are used before they are initialized. C99 specifies "If an object that has automatic storage duration is not initialized explicitly, its value is indeterminate" \[[ISO/IEC 9899-:1999|AA. C References#ISO/IEC 9899-1999]\]. In the common case, on architectures that make use of a program stack, this value defaults to whichever values are currently stored in stack memory. While uninitialized memory often contains zeroes, this is not guaranteed. Consequently, uninitialized memory can cause a program to behave in an unpredictable or unplanned manner and may provide an avenue for attack. |
...
| Code Block | ||
|---|---|---|
| ||
#include <stdio.h>
#include <ctype.h>
#include <string.h>
int do_auth(void) {
char * username;
char * password;
/* Get username and password from user, return -1 if invalid */
}
void report_error(char const *msg) {
char const *error_log;
char buffer[24];
sprintf(buffer, "Error: %s", error_log);
printf("%s\n", buffer);
}
int main(void) {
if (do_auth() == -1) {
report_error("Unable to login");
}
return 0;
}
|
...
This solution is still problematic in that a buffer overflow will occur if the NULLnull-terminated byte string referenced by msg is greater than 17 bytes, including the NULL terminator. The solution also makes use of a "magic number," which should be avoided (see DCL06-A. Use meaningful symbolic constants to represent literal values in program logic).
...
| Wiki Markup |
|---|
\[[Flake 06|AA. C References#Flake 06]\] \[[ISO/IEC 9899-:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.7.8, "Initialization" \[[mercy 06|AA. C References#mercy 06]\] |
...
EXP32-C. Do not cast away a volatile qualification 03. Expressions (EXP) EXP34-C. Ensure a NULL null pointer is not dereferenced