...
A similar rule deals with parameter type in a more general sense: DCL07-C. Include the appropriate type information in function declarators.
In C++, foo() and foo(void) have exactly the same meaning and effect, so this rule doesn't apply to C++. However, foo(void) should be declared explicitly instead of foo() to distinguish it from foo(...), which will then take arbitrary parameters.
...
In this noncompliant code example, the caller calls foo() with an argument of 3. The caller expects foo() to accept a single int argument and to output the argument as part of a longer message. Because foo() is declared without the void parameter, the compiler will not perform any caller check. It is therefore possible that the caller may not detect the error. In this example, for instance, the function foo() might output the value 3 as expected.
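The missing caller check can be observed at compile time. The following is an added example, not code from the original page; the names foo_old, foo_new and ACCEPTS_INT_CALL are assumptions made for illustration, and the probe relies on C11 _Generic.

```c
#include <stdio.h>

/* Constructed, header-style declarations (hypothetical names).
 * Noncompliant: empty parentheses. Before C23 this declares no prototype,
 * so the compiler has no parameter list to check call sites against. */
void foo_old();

/* Compliant: (void) is a prototype that states "takes no arguments". */
void foo_new(void);

/* Compile-time probe: 1 when the declared type of f is compatible with
 * "function taking one int", the condition under which a call such as
 * f(3) is accepted without a diagnostic. The operand of _Generic is never
 * evaluated, so neither function is called or needs a definition here. */
#define ACCEPTS_INT_CALL(f) _Generic(&(f), void (*)(int): 1, default: 0)

int old_accepts_int(void) { return ACCEPTS_INT_CALL(foo_old); }
int new_accepts_int(void) { return ACCEPTS_INT_CALL(foo_new); }

/* C23 redefines () to mean (void). GCC and Clang report 202000L in their
 * pre-release C2x modes and 202311L for the final standard. */
int empty_parens_is_prototype(void) {
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 202000L
    return 1;
#else
    return 0;
#endif
}

int main(void) {
    printf("foo()     compatible with an int call: %d\n", old_accepts_int());
    printf("foo(void) compatible with an int call: %d\n", new_accepts_int());
    printf("compiler treats () as (void):          %d\n",
           empty_parens_is_prototype());
    return 0;
}
```

Building with -Wstrict-prototypes on GCC or Clang reports the foo_old declaration, which makes this rule checkable in a build pipeline.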
...
Another possible vulnerability is the leak of privileged information. In this noncompliant code example, a user with high privileges feeds some secret input to the caller that the caller then passes to foo(). Because of the way function foo() is defined, we might assume that there is no way for foo() to retrieve information from the caller. However, because the value of i is really passed on the stack (before the return address of the caller), a malicious programmer can change the internal implementation and copy the value manually into a less privileged file.
```c
/* compile using gcc4.3.3 */
void foo() {
  /* use asm code to retrieve i
   * implicitly from caller
   * and transfer it to a less privileged file */
}
...
/* caller */
foo(i); /* i is fed from user input */
```
...