...
This noncompliant code example shows the incorrect_password() function, which is called during identification and authentication to display an error message if the specified user is not found or the password is incorrect. The function accepts the name of the user as a null-terminated byte string referenced by user. This is an excellent example of data that originates from an untrusted, unauthenticated user. The function constructs an error message that is then output to stderr using the C standard Standard fprintf() function [ISO/IEC 9899:2011].
| Code Block | ||||
|---|---|---|---|---|
| ||||
void incorrect_password(const char *user) {
int ret;
/* user names are restricted to 256 characters or less */
static const char msg_format[] = "%s cannot be authenticated.\n";
size_t len = strlen(user) + sizeof(msg_format);
char *msg = (char *)malloc(len);
if (msg == NULL) {
/* Handle error */
}
ret = snprintf(msg, len, msg_format, user);
if (ret < 0) /* Handle error */ ;
else if (ret >= len) /* Handle truncated output */ ;
fprintf(stderr, msg);
free(msg);
}
|
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
Fortify SCA | V. 5.0 | ||||||||
Splint |
| ||||||||
| GCC |
| Can detect violations of this rule when the | |||||||
Compass/ROSE |
| ||||||||
| SV.FMTSTR.GENERIC | ||||||||
| 86 D | Partially implemented. |
...
ISO/IEC PDTR 24772 "RST Injection"
ISO/IEC TR TS 17961 (Draft) Including tainted or out-of-domain input in a format string [usrfmt]
...