...
```c
#include <unistd.h>

/* First the options that are allowed only for root */
/* The parentheses are omitted, so the addresses of getuid and geteuid are
   compared with 0 instead of their return values; a function address is
   never 0, so the condition does not depend on who is running the program. */
if (getuid == 0 || geteuid != 0) {
  /* ... */
}
```
...
```c
#include <unistd.h>

/* First the options that are allowed only for root */
/* getuid() is now called, but geteuid still lacks its parentheses, so its
   address, not the effective user ID, is compared with 0. */
if (getuid() == 0 || geteuid != 0) {
  /* ... */
}
```
...
```c
#include <unistd.h>

/* First the options that are allowed only for root */
/* Both functions are called, so the real and effective user IDs are
   what gets compared. */
if (getuid() == 0 || geteuid() != 0) {
  /* ... */
}
```
...
```c
#include <sys/types.h>
#include <unistd.h>

/* First the options that are allowed only for root */
/* Here the function addresses are deliberately compared with 0; the explicit
   casts to the functions' own pointer type make that intent visible, so the
   expression cannot be mistaken for an omitted call. */
if (getuid == (uid_t(*)(void))0 || geteuid != (uid_t(*)(void))0) {
  /* ... */
}
```
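The following program is an added example, not code from the CERT page, showing what the omitted parentheses actually do to the privilege check. The comparison of function addresses is routed through function-pointer variables only so that it compiles without warnings; it is the same comparison as `getuid == 0 || geteuid != 0`. The helper `root_only_options_allowed` is hypothetical, introduced so the correct condition can be exercised with constructed user IDs.

```c
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>

/* The buggy condition: the addresses of getuid and geteuid are compared
 * with 0.  A function address never compares equal to a null pointer, so
 * `real_uid_fn == 0` is always false and `eff_uid_fn != 0` is always true.
 * The whole condition is therefore always true: the "root only" branch
 * is taken for every user, and the check silently stops protecting. */
int root_only_options_allowed_buggy(void) {
    uid_t (*real_uid_fn)(void) = getuid;   /* address, not a call */
    uid_t (*eff_uid_fn)(void)  = geteuid;  /* address, not a call */
    return real_uid_fn == 0 || eff_uid_fn != 0;  /* always 1 */
}

/* Correct condition, factored over the two IDs (hypothetical helper) so it
 * can be checked against constructed values rather than the live process. */
int root_only_options_allowed(uid_t real_uid, uid_t effective_uid) {
    return real_uid == 0 || effective_uid != 0;
}

/* Live wrapper: the page's compliant form, calling both functions. */
int root_only_options_allowed_live(void) {
    return root_only_options_allowed(getuid(), geteuid());
}

int main(void) {
    printf("address comparison: %d (constant, whoever runs this)\n",
           root_only_options_allowed_buggy());
    printf("call comparison:    %d (depends on real/effective uid)\n",
           root_only_options_allowed_live());
    return 0;
}
```

Compiling the page's literal form with GCC and `-Wall` produces the `-Waddress` warning listed in the Automated Detection table; treating that warning as an error is the cheapest way to keep this mistake out of a build.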
...
Errors of omission can result in unintended program flow.

Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
EXP16-C | Low | Likely | Medium | P6 | L2
Automated Detection

Tool | Version | Checker | Description
---|---|---|---
Astrée | | function-name-constant-comparison | Partially checked
| | BAD_COMPARE | Can detect the specific instance where the address of a function is compared against 0, such as in the case of
GCC | | | Can detect violations of this recommendation when the
Helix QAC | | C0428, C3004, C3344 |
Klocwork | | EFFECT, CWARN.NULLCHECK.FUNCNAME |
LDRA tool suite | | 99 S | Partially implemented
Parasoft C/C++test | | CERT_C-EXP16-a | Function address should not be compared to zero
PC-lint Plus | | 2440, 2441 | Partially supported: reports address of function, array, or variable directly or indirectly compared to null
PVS-Studio | | V516, V1058 |
RuleChecker | | function-name-constant-comparison | Partially checked
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines

SEI CERT C++ Coding Standard | VOID EXP16-CPP. Avoid conversions using void pointers
ISO/IEC TR 24772:2013 | Likely incorrect expressions [KOA]
ISO/IEC TS 17961 | Comparing function addresses to zero [funcaddr]
MITRE CWE | CWE-480, Use of incorrect operator; CWE-482, Comparing instead of assigning
Bibliography

[Hatton 1995] | Section 2.7.2, "Errors of Omission and Addition"
...
...