...
A similar rule deals with parameter type in a more general sense: DCL07-C. Include the appropriate type information in function declarators.
In C+, the usage of foo() and foo(void) has exactly the same meaning and effect, so this rule doesn't apply to C+. But it is still recommended to explicitly declare However, foo(void) }}should be declared explicitly instead of {{foo() to distinguish it from foo(...), which will then take arbitrary parameters.
...
In this noncompliant code example, the caller gives a call to foo with a parameter specified as 3. Because foo() is declared without the void parameter, the compiler will not perform any caller check. Due to the accidental internal implementation, the function foo() outputs a the value : 3, which matches with the caller's temptationexpectation. In an inherited code base where foo and the caller are developed at different times, this can lead to the caller 's belief that will expect foo() actually accepts to accept one integer as a parameter and foo() will to output the corresponding message when the parameter is changed.
In fact, Because no function parameter specified for a function has the same meaning as an arbitrary parametersparameter, which means that the caller may can feed an arbitrary number of parameters to the function.
...
Another possible vulnerability is the leak of privileged information. In this noncompliant code example, suppose a user with high privileges feeds some secret input into to the caller that the caller then passes to foo(). Because of the way function foo() is defined, it is easy to assume that there is no way that for foo() can to retrieve info information from the caller. However, because the value of i is really passed into a stack (before the return address of the caller), a malicious programmer can change the internal implementation and copy the value manually and contain it in into a less privileged file.
| Code Block | ||
|---|---|---|
| ||
/* compile using gcc4.3.3 */
void foo() {
/* use asm code to retrieve i
* implicitly from caller
* and transfer it to a less privilege file */
}
...
/* caller */
foo(i); /* i is fed from user input */
|
...