TR24731-1 provides a mechanism for handling violations of constraints that can only be detected at runtime. Section 6.1.4, paragraph 1, states:

> Most functions in this technical report include as part of their specification a list of runtime-constraints. These runtime-constraints are requirements on the program using the library.

and paragraph 4:

> The runtime-constraint handler might not return. If the handler does return, the library function whose runtime-constraint was violated shall return some indication of failure as given by the returns section in the function's specification.

These runtime-constraint handlers mitigate some of the potential insecurity caused by in-band error indicators. See ERR02-A. Avoid in-band error indicators.
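The following is an added example (not code from TR24731-1 or the CERT standard) showing a non-aborting handler installed with set_constraint_handler_s and the return-value check that paragraph 4 makes necessary. It assumes a hosted C99 compiler; on implementations that do not define __STDC_LIB_EXT1__ (for example glibc) it falls back to a minimal stand-in for strcpy_s and set_constraint_handler_s with the TR's signatures and runtime-constraints, which is assumed code and not the library's own.

```c
#define __STDC_WANT_LIB_EXT1__ 1
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef __STDC_LIB_EXT1__
/* Stand-in (assumed, not library code) with TR24731-1 signatures/constraints. */
typedef int errno_t;
typedef size_t rsize_t;
typedef void (*constraint_handler_t)(const char *msg, void *ptr, errno_t err);
static void ignore_h(const char *m, void *p, errno_t e) { (void)m; (void)p; (void)e; }
static constraint_handler_t cur_handler = ignore_h;
static constraint_handler_t set_constraint_handler_s(constraint_handler_t h) {
    constraint_handler_t old = cur_handler; cur_handler = h; return old;
}
static errno_t strcpy_s(char *s1, rsize_t s1max, const char *s2) {
    if (s1 == NULL || s2 == NULL || s1max == 0 || strlen(s2) >= s1max) {
        if (s1 != NULL && s1max != 0) s1[0] = '\0'; /* TR: s1 is left empty */
        cur_handler("strcpy_s: runtime-constraint violation", NULL, EINVAL);
        return EINVAL;
    }
    strcpy(s1, s2);
    return 0;
}
#endif

/* A handler that logs and returns. By 6.1.4 paragraph 4 the library function
 * then returns a failure indication, so the caller must still check it. */
int violations = 0;
static void log_handler(const char *msg, void *ptr, errno_t err) {
    (void)ptr; violations++;
    fprintf(stderr, "runtime-constraint violation (%d): %s\n", err, msg);
}

/* Copy src into dst[n] under the logging handler: 0 on success, 1 on violation. */
int copy_checked(char *dst, rsize_t n, const char *src) {
    constraint_handler_t prev = set_constraint_handler_s(log_handler);
    errno_t rc = strcpy_s(dst, n, src);
    set_constraint_handler_s(prev);          /* restore the previous handler */
    return rc != 0;                          /* never assume the handler aborted */
}
char scratch[8];   /* constructed destination buffer for the demonstration */

int main(void) {
    printf("%d\n", copy_checked(scratch, sizeof scratch, "short"));        /* 0 */
    printf("%d\n", copy_checked(scratch, sizeof scratch, "far too long")); /* 1 */
    return 0;
}
```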
Risk Analysis
Not using runtime-constraint handlers exposes a program to the same risks as using in-band error indicators. The risk of using in-band error indicators is difficult to quantify and is consequently rated as low. However, if the use of in-band error indicators leads programmers to fail to check, or to incorrectly check, status codes, the consequences can be more severe.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
ERR03-A | low | unlikely | low | P3 | L3
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
ERR02-A. Avoid in-band error indicators
13. Error Handling (ERR)
ERR30-C. Set errno to zero before calling a function, and use it only after the function returns a value indicating failure