MSC34-C. Do not use deprecated or obsolescent functions

Do not use deprecated or obsolsecent functions when more secure equivalent functions are available.
Deprecated functions are defined by the C99 standard and Technical Corrigenda. Obsolescent functions are defined by this guideline.

Deprecated Functions

The gets() function was deprecated by Technical Corrigendum 3.

Obsolescent Functions

The following functions are obsolescent and should be avoided in favor of either the portable equivalent or, if available, the more secure alternative defined in [ISO/IEC TR 24731-1] Extensions to the C Library, â” Part I: Bounds-checking interfaces.

Function	Portable Equivalent	Secure Alternative
`asctime()`		`asctime_s()`
`atof()`	`strtod()`
`atoi()`	`strtol()`
`atol()`	`strtol()`
`atoll()`	`strtoll()`
`bsearch()`		`bsearch_s()`
`ctime()`
`fopen()`		`fopen_s()`
`fprintf()`		`fprintf_s()`
`freopen()`		`freopen_s()`
`fscanf()`		`fscanf_s()`
`fwprintf()`		`fwprintf_s()`
`fwscanf()`		`fwscanf_s()`
`getenv()`		`getenv_s()`
`gmtime()`		`gmtime_s()`
`localtime()`		`localtime_s()`
`mbsrtowcs()`		`mbsrtowcs_s()`
`mbstowcs()`		`mbstowcs_s()`
`memcpy()`		`memcpy_s()`
`memmove()`		`memmove_s()`
`printf()`		`printf_s()`
`qsort()`		`qsort_s()`
`remove()`
`rename()`
`rewind()`	`fseek()`
`setbuf()`	`vsetbuf()`
`snprintf()`		`snprintf_s()`
`sprintf()`		`sprintf_s()`
`sscanf()`		`sscanf_s()`
`strcat()`		`strcat_s()`
`strcpy()`	`stpcpy()`	`strcpy_s()`
`strerror()`	`strerror_r()`	`strerror_s()`
`strncat()`		`strncat_s()`
`strncpy()`	`stpncpy()`	`strncpy_s()`
`strtok()`	`strtok_r()`	`strtok_s()`
`swprintf()`		`swprintf_s()`
`swscanf()`		`swscanf_s()`
`tmpfile()`	`mkstemp()`	`tmpfile_s()`
`tmpfile_s()`	`mkstemp()`
`tmpnam()`	`mkstemp()`	`tmpnam_s()`
`tmpnam_s()`	`mkstemp()`
`vfprintf()`		`vfprintf_s()`
`vfscanf()`		`vfscanf_s()`
`vfwprintf()`		`vfwprintf_s()`
`vfwscanf()`		`vfwscanf_s()`
`vprintf()`		`vprintf_s()`
`vscanf()`		`vscanf_s()`
`vsnprintf()`		`vsnprintf_s()`
`vsprintf()`		`vsprintf_s()`
`vsscanf()`		`vsscanf_s()`
`vswprintf()`		`vswprintf_s()`
`vswscanf()`		`vswscanf_s()`
`vwprintf()`		`vwprintf_s()`
`vwscanf()`		`vwscanf_s()`
`wcrtomb()`		`wcrtomb()`
`wcscat()`		`wcscat_s()`
`wcscpy()`		`wcscpy_s()`
`wcsncat()`		`wcsncat_s()`
`wcsncpy()`		`wcsncpy_s()`
`wcsrtombs()`		`wcsrtombs_s()`
`wcstok()`		`wcstok_s()`
`wcstombs()`		`wcstombs_s()`
`wctomb()`		`wctomb_s()`
`wmemcpy()`		`wmemcpy_s()`
`wmemmove()`		`wmemmove_r()`
`wprintf()`		`wprintf_s()`
`wscanf()`		`wscanf_s()`

Noncompliant Code Example

In this noncompliant code example, strcat() and strcpy() are used.

enum { BUFFERSIZE=256 };

void complain(const char *msg) {
  static const char prefix[] = "Error: ";
  static const char suffix[] = "\n";
  char buf[BUFFERSIZE];

  strcpy(buf, prefix);
  strcat(buf, msg);
  strcat(buf, suffix);
  fputs(buf, stderr);
}

Compliant Solution

In this compliant solution, strcat() and strcpy() are replaced by strcat_s() and strcpy_s().

enum { BUFFERSIZE=256 };

void complain(const char *msg) {
  static const char prefix[] = "Error: ";
  static const char suffix[] = "\n";
  char buf[BUFFERSIZE];

  strcpy_s(buf, BUFFERSIZE, prefix);
  strcat_s(buf, BUFFERSIZE, msg);
  strcat_s(buf, BUFFERSIZE, suffix);
  fputs(buf, stderr);
}

Risk Assessment

The deprecated and obsolescent enumerated in this guideline are commonly associated with software vulnerabilities.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MSC33-C	high	high	medium	P9	L2

Automated Detection

Unknown.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[Burch 2006]
[CERT 2006c]
[ISO/IEC 9945:2003]
[ISO/IEC 9899:1999] Section 7.21, "String handling <string.h>"
[ISO/IEC 23360-1:2006]
[ISO/IEC TR 24731-1:2007]
[ISO/IEC PDTR 24731-2]
[MISRA 2004] Rule 20.4
[Seacord 2005a] Chapter 2, "Strings"

49. Miscellaneous (MSC) MSC35-C. Do not include any executable statements inside a switch statement before the first case label

Space shortcuts

Page tree