...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)


| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| C Secure Coding Standard | API00-C. Functions should validate their parameters | Prior to 2018-01-12: CERT: Unspecified Relationship |
| C Secure Coding Standard | ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array | Prior to 2018-01-12: CERT: Unspecified Relationship |
| C Secure Coding Standard | INT30-C. Ensure that unsigned integer operations do not wrap | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TS 17961:2013 | Forming invalid pointers by library functions [libptr] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TR 24772:2013 | Buffer Boundary Violation (Buffer Overflow) [HCB] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TR 24772:2013 | Unchecked Array Copying [XYW] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 (MITRE CWE) | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer | 2017-05-18: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-121, Stack-based Buffer Overflow | 2017-05-18: CERT: Partial overlap |
| CWE 2.11 | CWE-123, Write-what-where Condition | 2017-05-18: CERT: Partial overlap |
| CWE 2.11 | CWE-125, Out-of-bounds Read | 2017-05-18: CERT: Partial overlap |
| CWE 2.11 | CWE-805, Buffer Access with Incorrect Length Value | 2017-05-18: CERT: Partial overlap |

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-121 and ARR38-C

Intersection( CWE-121, ARR38-C) =

  • Stack buffer overflow from passing invalid arguments to library function

CWE-121 – ARR38-C =

  • Stack buffer overflows from direct out-of-bounds write

ARR38-C – CWE-121 =

  • Out-of-bounds read from passing invalid arguments to library function

  • Buffer overflow on heap or data segment from passing invalid arguments to library function

CWE-119 and ARR38-C

See CWE-119 and ARR30-C

CWE-125 and ARR38-C

Independent( ARR30-C, ARR38-C, EXP39-C, INT30-C)

STR31-C = Subset( Union( ARR30-C, ARR38-C))

STR32-C = Subset( ARR38-C)

Intersection( ARR38-C, CWE-125) =

  • Reading from an out-of-bounds array index or off the end of an array via standard library function

ARR38-C – CWE-125 =

  • Writing to an out-of-bounds array index or off the end of an array via standard library function

CWE-125 – ARR38-C =

  • Reading beyond a non-array buffer

  • Reading beyond an array directly (using pointer arithmetic, or [] notation)

CWE-805 and ARR38-C

Intersection( CWE-805, ARR38-C) =

  • Buffer access with incorrect length via passing invalid arguments to library function

CWE-805 – ARR38-C =

  • Buffer access with incorrect length directly (such as a loop construct)

ARR38-C – CWE-805 =

  • Out-of-bounds read or write that does not involve incorrect length (could use incorrect offset instead), that uses library function
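The CWE-125 and CWE-805 notes above separate the read side from the write side, and an incorrect length from an incorrect offset, all reached through a library call. The following added example (not part of the CERT page) checks each of those cases before the library function is allowed to form a pointer; `checked_copy`, `range_ok` and the status codes are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum copy_status {
    COPY_OK = 0,
    COPY_BAD_ARG,    /* null pointer passed in */
    COPY_READ_OOB,   /* would read past src: Intersection(ARR38-C, CWE-125) */
    COPY_WRITE_OOB   /* would write past dst: ARR38-C - CWE-125 */
};

/* True when [off, off + n) lies inside an object of `size` bytes.
 * Uses subtraction only, so no unsigned sum can wrap (INT30-C). */
static int range_ok(size_t size, size_t off, size_t n)
{
    return off <= size && n <= size - off;
}

/* Hypothetical checked wrapper: validates offset and length on both the
 * source and the destination, so a bad length (CWE-805) and a bad offset
 * (ARR38-C - CWE-805) are both rejected before the library call. */
enum copy_status checked_copy(void *dst, size_t dst_size, size_t dst_off,
                              const void *src, size_t src_size, size_t src_off,
                              size_t n)
{
    if (dst == NULL || src == NULL)
        return COPY_BAD_ARG;
    if (!range_ok(src_size, src_off, n))
        return COPY_READ_OOB;
    if (!range_ok(dst_size, dst_off, n))
        return COPY_WRITE_OOB;
    /* memmove rather than memcpy so overlapping ranges stay defined. */
    memmove((unsigned char *)dst + dst_off,
            (const unsigned char *)src + src_off, n);
    return COPY_OK;
}
```

`dst_size` and `src_size` must be the sizes of the underlying arrays, not `sizeof` applied to a pointer (ARR01-C).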

CWE-123 and ARR38-C

Independent(ARR30-C, ARR38-C)

STR31-C = Subset( Union( ARR30-C, ARR38-C))

STR32-C = Subset( ARR38-C)

CWE-123 includes any operation that allows an attacker to write an arbitrary value to an arbitrary memory location. This can be accomplished by overwriting a pointer with data that refers to the address to write; when the program then writes to the pointed-to value, the attacker supplies a malicious value. Vulnerable pointer values can be corrupted by:

  • Stack return address

  • Buffer overflow on the heap (which typically overwrites back/next pointer values)

  • Write to untrusted array index (if it is also invalid)

  • Format string exploit

  • Overwriting a C++ object with virtual functions (because it has a virtual pointer)

  • Others?

Intersection( CWE-123, ARR38-C) =

  • Buffer overflow via passing invalid arguments to library function

ARR38-C – CWE-123 =

  • Buffer overflow to “harmless” memory from passing invalid arguments to library function

  • Out-of-bounds read from passing invalid arguments to library function

CWE-123 – ARR38-C =

  • Arbitrary writes that do not involve standard C library functions

Bibliography

...