SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 48

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 49

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: simplified title somewhat

Many existing functions that return an errno error code are declared as returning a value of type int. It is semantically unclear by looking at the function declaration or prototype if these functions return an error status or a value or worse, some combination of the two (see ERR02-C. Avoid in-band error indicators).

...

This recommendation depends on TR 24731-1 and advocates using errno_t in new code where appropriate.

Noncompliant Code Example

This noncompliant code example shows a function called opener() that returns errno error codes. However, the function is declared as returning an int. Consequently, the meaning of the return value is not as clear as it could be.

...

This noncompliant code example, however, does comply with ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure.

Compliant Solution

In this compliant solution, the opener() function returns a value of type errno_t, providing a clear indication that this function returns an error code.

...

NOTE: EINVAL and EIO are not defined in C99, but they are available in most implementations and are defined in POSIX.

Risk Assessment

Failing to test for error conditions can lead to vulnerabilities of varying severity. Declaring functions that return an errno with a return type of errno_t will not eliminate this problem, but may reduce errors caused by programmers misunderstanding the purpose of a return value.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

DCL09-C

low

unlikely

low

P3

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as DCL09-CPP. Declare functions that return an errno error code with a return type of errno_t.

References

Wiki Markup
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.7.5.3, "Function declarators (including prototypes)"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "NZN Returning error status"
\[[ISO/IEC TR 24731-1:2007|AA. C References#ISO/IEC TR 24731-1-2007]\]
\[[MISRA 04|AA. C References#MISRA 04]\] Rule 20.5
\[[Open Group 04|AA. C References#Open Group 04]\]

...