Null-terminated byte strings are, by definition, null-terminated. String operations cannot determine the length or end of strings that are not properly null-terminated, which can consequently result in buffer overflows and other undefined behavior.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Exception
An exception to this rule applies if the intent of the programmer is to convert a null-terminated byte string to a character array. To be compliant with this standard, this intent must be clearly stated in comments.
Priority: P12 Level: L1
Failure to properly null terminate null-terminated byte strings can result in buffer overflows and the execution of arbitrary code with the permissions of the vulnerable process by an attacker.
Component |
Value |
|---|---|
Severity |
3 (high) |
Likelihood |
2 (probable) |
Remediation cost |
2 (medium) |
References
- ISO/IEC 9899-1999 Section 7.1.1 Definitions of terms, Section 7.21 String handling <string.h>
- Seacord 05 Chapter 2 Strings
- ISO/IEC TR 24731-2006 Section 6.7.1.4 The strncpy_s function