Null-terminated byte strings are, by definition, null-terminated. String operations cannot determine the length or end of strings that are not properly null-terminated, which can consequently result in buffer overflows and other undefined behavior.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Exception
An exception to this rule applies if the intent of the programmer is to convert a null-terminated byte string to a character array. To be compliant with this standard, this intent must be clearly stated in comments.
Risk Assessment
Failure to properly null terminate null-terminated byte strings can result in buffer overflows and the execution of arbitrary code with the permissions of the vulnerable process by an attacker.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
STR32-C |
3 (high) |
2 (probable) |
2 (medium) |
P12 |
L1 |
Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.
References
[[ISO/IEC 9899-1999]] Section 7.1.1 Definitions of terms, Section 7.21 String handling <string.h>
[[Seacord 05]] Chapter 2 Strings
[[ISO/IEC TR 24731-2006]] Section 6.7.1.4 The strncpy_s function
[[Viega 05]] Section 5.2.14 Miscalculated null termination