SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 88

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) contained a vulnerability that introduced several potential buffer overflow conditions [VU#654390]. ISC DHCP makes use of the vsnprintf() function for writing various log file strings; vsnprintf() is defined in the Standard for Information Technology—Portable the Portable Operating System Interface (POSIX®POSIX®), Base Specifications, Issue 7   [IEEE Std 1003.1:2013] as well as in the C Standard. For systems that do not support vsnprintf(), a C include file was created that defines the vsnprintf() function to vsprintf(), as shown in this noncompliant code example:

...

Replacing secure functions with less secure functions is a very risky practice because developers can be easily fooled into trusting the function to perform a security check that is absent. This may be a concern, for example, as developers attempt to adopt more secure functions, such as the C11 Annex K functions, that might not be available on all platforms. (See STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code.)

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

PRE09-C

High

Likely

Medium

P18

L1

Automated Detection

ToolVersionCheckerDescription
PRQA QA-C Include PagePRQA_VPRQA_VSecondary analysisFully implemented
Astrée
Include Page
Astrée_V
Astrée_V

Supported, but no explicit checker
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-PRE09
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5003
Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. PRE09-C


Checks for:

  • Use of dangerous standard function
  • Insufficient destination buffer size

Rec. fully covered.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++
Secure
Coding StandardVOID PRE09-CPP. Do not replace secure functions with less secure functions
ISO/IEC TR 24772:2013Executing or Loading Untrusted Code [XYS]
MITRE CWECWE-684, Failure to provide specified functionality

 Bibliography

[IEEE Std 1003.1:2013]XSH, System Interfaces, vsnprintf, vsprintf
— Format Output of a stdarg Argument List
[Seacord 2013]Chapter 6, "Formatted Output"
[VU#654390]
 

...



...

Image Modified Image Modified Image Modified