Do not use functions that input character data and convert the data if these functions cannot handle all possible inputs. For example, formatted input functions such as scanf()
, fscanf()
, vscanf()
, and vfscanf()
can be used to read string data from stdin
or (in the cases of fscanf()
and vfscanf()
) other input stream. These functions work fine for valid integer values but lack robust error handling for invalid values.
Instead of these functions, try inputing the value as a string and then converting it to an integer value using strtol()
or a related function [[INT06-A]].
Risk Assessment
While it is relativley rare for a violation of this rule to result in a security vulnerability, it could more easily result in loss or misinterpreted data.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
|
1 (low) |
2 (low) |
2 (medium) |
P2 |
L3 |
Examples of vulnerabilities resulting from the violation of this recommendation can be found on the CERT website.
References
[[Klein 02]]
[[ISO/IEC 9899-1999]] Section 7.20.1.4, "The strtol, strtoll, strtoul, and strtoull functions," and Section 7.19.6, "Formatted input/output functions"