...
Alternatively, input character data as a null-terminated byte string and convert to an integer value using strtol() or a related function (see INT06-AC. Use strtol() or a related function to convert a string token to an integer).
...
Noncompliant Code Example
This noncompliant code example uses the scanf() function to read a string from stdin and convert it to a long. The scanf() and fscanf() functions have undefined behavior if the value of the result of this operation cannot be represented as an integer.
```c
long sl;

if (scanf("%ld", &sl) != 1) {
  /* handle error */
}
```
Compliant Solution
This compliant example uses fgets() to input a string and strtol() to convert the string to an integer. Error checking is provided to make sure that the value is a valid integer in the range of long.
...
Note that this solution treats any trailing characters, including white-space characters, as an error condition.
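The following is an added example, not the page's own listing, of the fgets() plus strtol() approach described above, with the trailing-character check made explicit. The names parse_long_line, read_long, the parse_status codes and the 32-byte buffer are assumptions of this example, and it goes one step beyond the text by also rejecting a line too long for the buffer.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes for this added example. */
enum parse_status { PARSE_OK, PARSE_NO_DIGITS, PARSE_RANGE, PARSE_TRAILING };

/* Convert one line to a long. The '\n' kept by fgets() may follow the
 * digits; any other trailing character, spaces included, is an error. */
enum parse_status parse_long_line(const char *line, long *out) {
  char *end_ptr;
  long val;

  errno = 0;
  val = strtol(line, &end_ptr, 10);
  if (end_ptr == line)
    return PARSE_NO_DIGITS;        /* nothing converted: "", "abc" */
  if (errno == ERANGE)
    return PARSE_RANGE;            /* value does not fit in a long */
  if (*end_ptr != '\n' && *end_ptr != '\0')
    return PARSE_TRAILING;         /* "12abc", "12 " */
  *out = val;
  return PARSE_OK;
}

/* Read one line with fgets() and convert it. Returns -1 on EOF or read
 * error, otherwise a parse_status. */
int read_long(FILE *in, long *out) {
  char buff[32];

  if (fgets(buff, sizeof(buff), in) == NULL)
    return -1;
  /* No '\n' and not at EOF: the line was longer than buff, so the rest of
   * it is still unread. Treat that as trailing input. */
  if (strchr(buff, '\n') == NULL && !feof(in))
    return PARSE_TRAILING;
  return (int)parse_long_line(buff, out);
}

int main(void) {
  long sl;
  int rc = read_long(stdin, &sl);

  if (rc == PARSE_OK)
    printf("%ld\n", sl);
  else
    fprintf(stderr, "invalid input (status %d)\n", rc);
  return rc == PARSE_OK ? 0 : 1;
}
```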
Risk Assessment
Although it is relatively rare for a violation of this rule to result in a security vulnerability, it can easily result in lost or misinterpreted data.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
INT05-A C | medium | probable | high | P4 | L3 |
Automated Detection
Fortify SCA Version 5.0 with the CERT C Rule Pack can detect violations of this recommendation.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...