You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

If a header file with the same name as one of the standard headers is placed in the typical path to search for libraries then the behavior is undefined.

Non-Compliant Example

Naming a header file in the standard library search path any of the following could cause problems:

<assert.h>
<complex.h>
<ctype.h>
<errno.h>
<fenv.h>
<float.h>
<inttypes.h>
<iso646.h>
<limits.h>
<locale.h>
<math.h>
<setjmp.h>
<signal.h>
<stdarg.h>
<stdbool.h>
<stddef.h>
<stdint.h>
<stdio.h>
<stdlib.h>
<string.h>
<tgmath.h>
<time.h>
<wchar.h>
<wctype.h>

Risk Assessment

It is possible that an attacker could place a duplicate header file in the library path in order to cause exploit behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

   

2 (medium)

1 (unlikely)

3 (low)

P2

L2

References

[ISO/IEC 9899] 7.1.2 Standard Headers

  • No labels