Page History

...

The POSIX standard developers decided to mark the asctime() function obsolescent even though they are in C99 because of the possibility of buffer overflow. C99 also provides the strftime() function which can be used to avoid these problems.

Noncompliant Code Example

Avoid using the asctime() function.

struct tm time;

time.tm_sec = 60;  /* Seconds [0,60] */
time.tm_min = 59;  /* Minutes [0,59] */ 
time.tm_hour = 23; /* Hour [0,23] */ 
time.tm_mday = 31; /* Day of month [1,31] */
time.tm_mon = 0;  /* Month of year [0,11] */ 
time.tm_year = 8100;  /* Years since 1900 */ 
time.tm_wday = 0; /* Day of week [0,6] (Sunday =0) */ 
time.tm_yday = 365; /* Day of year [0,365] */ 
time.tm_isdst = -1; /* Daylight Savings flag */ 
 
char *time = asctime(&time);

Compliant Solution

Use the strftime() function.

char *s=;
size_t maxsize;
const char *format;
const struct tm *timeptr;

size_t size = strftime(s, maxsize, format, timeptr);

Risk Assessment

On implementations that do not detect output string length overflow, it is possible to overflow the output buffers resulting in a vulnerability.

Automated Detection

Unknown.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as STR30-CPP. Do not attempt to modify string literals.

References

\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.23.3.1, "The asctime function" and Section 7.23.3.5, "The strftime function"

...