SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 52

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 53

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider v2.4 (sch jbop) (X_X)@==(Q_Q)@

...

Wiki Markup
There are a number of existing libraries available for managing string data; the library selected depends on the approach adopted for managing null-terminated byte strings.  The functions defined by C99 Section 7.21, "String handling <{{string.h}}>" \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] are primarily intended for managing statically allocated strings.  However, these functions are problematic because many of them are insufficiently bounded.  Consequently, this standard recommends use of the ISO/IEC TR 24731-1 \[[ISO/IEC TR 24731-1:2007|AA. C References#ISO/IEC TR 24731-1-2007]\] functions for use with statically allocated arrays (see [STR07-AC. Use TR 24731 for remediation of existing string manipulation code]). These functions provide bounds-checking interfaces to protect against buffer overflows and other runtime constraint violations.

...

Wiki Markup
Another library that uses dynamic allocation is the CERT managed string library.  The managed string library described in \[[Burch 06|AA. C References#Burch06]\] was developed in response to the need for a string library that can improve the quality and security of newly developed C language programs while eliminating obstacles to widespread adoption and possible standardization. The managed string library eliminates the possibility of unbounded copies, null-termination errors, and truncation by ensuring there is always adequate space available for the resulting string (including the terminating null character).  The primary advantage of the CERT managed string library, is that the source code is freely available so that the library can be adopted and customized as required by an organization.

Risk Assessment

Failing to adopt a consistent plan for managing strings within an application can lead to inconsistent decisions which may make it difficult to ensure system properties, such as adhering to safety requirements.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

STR01-A C

low

unlikely

high

P1

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[Burch 06|AA. C References#Burch06]\]
\[[CERT 06c|AA. C References#CERT 06c]\]
\[[ISO/IEC 9945:2003|AA. C References#ISO/IEC 9945-2003]\]
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.21, "String handling <{{string.h}}>"
\[[ISO/IEC 23360-1:2006|AA. C References#ISO/IEC 23360-1-2006]\]
\[[ISO/IEC TR 24731-1:2007|AA. C References#ISO/IEC TR 24731-1-2007]\]
\[[ISO/IEC PDTR 24731-2|AA. C References#ISO/IEC PDTR 24731-2-2007]\]
\[[MISRA 04|AA. C References#MISRA 04]\] Rule 20.4
\[[Seacord 05a|AA. C References#Seacord 05a]\] Chapter 2, "Strings"

...

      07. Characters and Strings (STR)       STR02-A. Sanitize data passed to complex subsystems Image Added