...
There are several national variants of ASCII. As a result, the original ASCII is often called US-ASCII. ISO/IEC 646-1991 defines a character set, similar to US-ASCII, but with code positions corresponding to US-ASCII characters @[]{|
} as national use positions [ISO/IEC 646-1991]. It also gives some liberties with the characters #$^`~
. In particular characters (e.g., #$^`~
). In ISO/IEC 646-1991, several national variants of ASCII are defined, assigning different letters and symbols to the national use positions. Consequently, the characters that appear in those positions, including those in US-ASCII, are less portable in international data transfer. Because of the national variants, some characters are less portable than others: they might be transferred or interpreted incorrectly.
...
Code Block | ||||
---|---|---|---|---|
| ||||
#include <fcntl.h> #include <sys/stat.h> int main(void) { char *file_name = "»£???«\xe5ngstr\xf6m"; mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH; int fd = open(file_name, O_CREAT | O_EXCL | O_WRONLY, mode); if (fd == -1) { /* Handle error */ } } |
An implementation is free to define its own mapping of the "nonsafe" characters. For example, when tested run on a Red Hat Enterprise Linux distribution7.5, this noncompliant code example resulted in the following file name being revealed by the ls
command:
Code Block |
---|
?ngstr?????m |
Compliant Solution (File Name 1)
...
Tool | Version | Checker | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| bitfield-name | Partially checked | ||||||||||||
Helix QAC |
| C0285, C0286, C0287, C0288, C0289, C0299 | |||||||||||||
LDRA tool suite |
| 113 S | Partially implemented | ||||||||||||
Parasoft C/C++test |
| CERT_C-MSC09-a | Only use characters defined in the ISO C standard | PRQA QA-C | |||||||||||
Include Page | PRQA QA-C_v | PRQA QA-C_v | 0285 | ||||||||||||
RuleChecker |
| bitfield-name | Partially checked | Partially implemented||||||||||||
SonarQube C/C++ Plugin |
| S1578 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...