...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Taxonomy | Taxonomy item | Relationship
CERT C Secure Coding Standard | STR03-C. Do not inadvertently truncate a string | Prior to 2018-01-12: CERT: Unspecified Relationship
CERT C Secure Coding Standard | STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code; MSC24-C. Do not use deprecated or obsolescent functions; MEM00-C. Allocate and free memory in the same module, at the same level of abstraction; FIO34-C. Distinguish between characters read from a file and EOF or WEOF | Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TR 24772:2013 | String Termination [CJM] | Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TR 24772:2013 | Buffer Boundary Violation (Buffer Overflow) [HCB] | Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TR 24772:2013 | Unchecked Array Copying [XYW] | Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961:2013 | Using a tainted value to write to an object using a formatted input or output function [taintformatio] | Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961:2013 | Tainted strings are passed to a string copying function [taintstrcpy] | Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11 (MITRE CWE) | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer | 2017-05-18: CERT: Rule subset of CWE
CWE 2.11 | CWE-120, Buffer Copy without Checking Size of Input ("Classic Buffer Overflow") | 2017-05-15: CERT: Exact
CWE 2.11 | CWE-123, Write-what-where Condition | 2017-06-12: CERT: Partial overlap
CWE 2.11 | CWE-125, Out-of-bounds Read | 2017-05-18: CERT: Partial overlap
CWE 2.11 | CWE-193, Off-by-one Error; CWE-676 | 2017-05-18: CERT: Partial overlap

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-122 and STR31-C

STR31-C = Union( CWE-122, list) where list =

  • Buffer overflows on strings in the stack or data segment

CWE-125 and STR31-C

Independent( ARR30-C, ARR38-C, EXP39-C, INT30-C)

STR31-C = Subset( Union( ARR30-C, ARR38-C))

STR32-C = Subset( ARR38-C)

Intersection( STR31-C, CWE-125) =

  • Directly reading beyond the end of a string

STR31-C – CWE-125 =

  • Directly writing beyond the end of a string

CWE-125 – STR31-C =

  • Reading beyond a non-string array

  • Reading beyond a string using library functions

CWE-676 and STR31-C

  • Independent( ENV33-C, CON33-C, STR31-C, EXP33-C, MSC30-C, ERR34-C)

  • STR31-C implies that several C string copy functions, such as strcpy(), are dangerous.

Intersection( CWE-676, STR31-C) =

  • Buffer overflow resulting from invocation of the following dangerous functions: gets(), fscanf(), strcpy(), sprintf()

STR31-C – CWE-676 =

  • Buffer overflow that does not involve the dangerous functions listed above.

CWE-676 - STR31-C =

  • Invocation of other dangerous functions
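The CWE-676 intersection above is the classic case: an unbounded copy into a fixed buffer. As an added example that is not from the CERT page, the snippet below places a non-compliant strcpy() copy beside a compliant version that verifies the destination has room for the string and its null terminator before copying; the function names and the 16-byte buffer size are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_SIZE 16  /* assumed fixed destination size for this example */

/* Non-compliant (STR31-C, CWE-120/CWE-676): strcpy() writes strlen(src) + 1
 * bytes regardless of the destination size, so any src of BUF_SIZE or more
 * characters writes past the end of dst. Shown for contrast; not called below. */
void copy_unchecked(char dst[BUF_SIZE], const char *src) {
    strcpy(dst, src);
}

/* Compliant: confirm that src, including its terminator, fits in dst_size
 * bytes before touching dst. Returns 0 on success and -1 when the copy would
 * overflow; the caller then rejects or re-sizes rather than silently truncating
 * (cf. STR03-C). memchr() bounds the scan of src to dst_size bytes, so an
 * unterminated src is reported as "does not fit" instead of being read past. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {
        return -1;  /* no terminator within dst_size bytes: no room for it */
    }
    size_t len = (size_t)(end - src);
    memcpy(dst, src, len + 1);  /* len characters plus the '\0' */
    return 0;
}

int main(void) {
    char buf[BUF_SIZE];
    /* Constructed inputs: one that fits, one that is exactly one byte too long. */
    const char *ok = "short string";
    const char *too_long = "0123456789abcdef";  /* 16 chars: needs 17 bytes */

    if (copy_checked(buf, sizeof buf, ok) == 0) {
        printf("copied: \"%s\"\n", buf);
    }
    if (copy_checked(buf, sizeof buf, too_long) != 0) {
        printf("rejected: input does not fit in %zu bytes\n", sizeof buf);
    }
    return 0;
}
```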

CWE-121 and STR31-C

STR31-C = Union( CWE-121, list) where list =

  • Buffer overflows on strings in the heap or data segment

CWE-123 and STR31-C

Independent( ARR30-C, ARR38-C)

STR31-C = Subset( Union( ARR30-C, ARR38-C))

STR32-C = Subset( ARR38-C)

Intersection( CWE-123, STR31-C) =

  • Buffer overflow that overwrites a (unrelated) pointer with untrusted data

STR31-C – CWE-123 =

  • Buffer overflow that does not overwrite a (unrelated) pointer

CWE-123 – STR31-C =

  • Arbitrary writes that do not involve buffer overflows

CWE-119 and STR31-C

Independent( ARR30-C, ARR38-C, ARR32-C, INT30-C, INT31-C, EXP39-C, EXP33-C, FIO37-C)

STR31-C = Subset( Union( ARR30-C, ARR38-C))

STR32-C = Subset( ARR38-C)

CWE-119 = Union( STR31-C, list) where list =

  • Out-of-bounds reads or writes that are not created by string copy operations

CWE-193 and STR31-C

Intersection( CWE-193, STR31-C) = Ø

CWE-193 involves an integer computation error (typically off-by-one), which is often a precursor to a (slight) buffer overflow. However, the two errors occur in different operations and are therefore unrelated.


...