SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 75

changes.mady.by.user Michal Rozenau

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#ccccff
langc
void f() {
  char *path = NULL;
  /* Avoid assuming $PATH is defined or has limited length */
  const char *temp = getenv("PATH");
  if (temp != NULL) {
    path = (char*) malloc(strlen(temp) + 1);
    if (path == NULL) {
      /* Handle error condition */
    } else {
      strcpy(path, temp);
    }
    /* Use path */
    free(path);
  }
}

Compliant Solution (POSIX or C2x)

In this compliant solution, the strdup() function is used to dynamically allocate a duplicate of the string:

Code Block
bgColor#ccccff
languagec
void f() {
  char *path = NULL;
  /* Avoid assuming $PATH is defined or has limited length */
  const char *temp = getenv("PATH");
  if (temp != NULL) {
    path = strdup(temp);
    if (path == NULL) {
      /* Handle error condition */
    }
    /* Use path */
    free(path);
  }
}

Risk Assessment

Making assumptions about the size of an environmental variable can result in a buffer overflow.

...

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.MEM.BO
 LANG.MEM.TO
 (general)

Buffer overrun
Type overrun
CodeSonar's taint analysis includes handling for taint introduced through the environment

Compass/ROSE



Can detect violations of the rule by using the same method as STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator

Klocwork
Include Page
Klocwork_V
Klocwork_V
ABV.ANY_SIZE_ARRAY
ABV.GENERAL
ABV.GENERAL.MULTIDIMENSION
ABV.ITERATOR
ABV.MEMBER
ABV.STACK
ABV.TAINTED
ABV.UNKNOWN_SIZE
ABV.UNICODE.BOUND_MAP
ABV.UNICODE.FAILED_MAP
ABV.UNICODE.NNTS_MAP
ABV.UNICODE.SELF_MAP
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-ENV01-a
CERT_C-ENV01-b
CERT_C-ENV01-c

Don't use unsafe C functions that do write to range-unchecked buffers
Avoid using unsafe string functions which may cause buffer overflows
Avoid overflow when writing to a buffer

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

669

Fully supported

Polyspace Bug FinderR2016a

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. ENV01-C

Checks for tainted

Destination buffer overflow in string manipulation

Tainted NULL or non-null-terminated string

Use of dangerous standard function

Function writes to buffer at offset greater than buffer size

Argument is from an unsecure source and may be NULL or not NULL-terminated

Dangerous functions cause possible buffer overflow in destination buffer

(rec. partially covered)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...