
When writing a library, perform a validity check on parameters passed to functions exposed as part of the public API. This allows the developer using the library to catch errors early, and it could protect the internal state of the library from corruption.

Non-Compliant Coding Example

For these examples, a library exposes an API as follows.

...

The vulnerability is more severe if the internal state references sensitive or system-critical data.

Compliant Solution

Validating the function parameters and verifying the internal state leads to consistency of program execution and may eliminate potential vulnerabilities.

#include <stdio.h>

/* Internal state of the library: the stream the other functions operate on. */
FILE *myFile;

/* Public API: install the stream to use. Rejects a NULL pointer and a stream
 * that is already in an error or end-of-file state, clearing the internal
 * state so that later calls cannot operate on a bad handle. */
int setfile(FILE *file) {
    if (file && !ferror(file) && !feof(file)) {
        myFile = file;
        return 0;
    }

    myFile = NULL;
    return -1;
}

/* Public API: verify the internal state before acting on it. */
int usefile(void) {
    if (!myFile)
        return -1;

    /* perform other checks if needed, return error condition */

    /* perform some action here */
    return 0;
}
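The same pattern carried further, as an added example that is not part of the original page: a small hypothetical "line reader" library whose public functions check their own parameters (buffer and size) and then the library's internal state before calling into the C library, so neither a NULL buffer nor a failed stream ever reaches fgets().

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
/* Added example, not the page's own code: a small "line reader" library whose
 * public entry points validate their parameters and then the library's own
 * internal state, so a NULL or failed stream never reaches fgets(). */

static FILE *lr_file = NULL;   /* internal state owned by the library */
/* Install the stream to read from. Returns 0 on success; returns -1 and
 * clears the internal state if the stream is NULL or already failed. */
int lr_setfile(FILE *file) {
    if (file == NULL || ferror(file) || feof(file)) {
        lr_file = NULL;
        return -1;
    }
    lr_file = file;
    return 0;
}

/* Read one line into buf. Returns the number of characters stored, or -1
 * when a parameter or the internal state is invalid, or on EOF/read error. */
int lr_readline(char *buf, size_t size) {
    if (buf == NULL || size == 0)         /* parameter check */
        return -1;
    if (lr_file == NULL)                  /* internal-state check */
        return -1;
    int n = size > (size_t)INT_MAX ? INT_MAX : (int)size;
    if (fgets(buf, n, lr_file) == NULL) {
        buf[0] = '\0';
        if (ferror(lr_file))
            lr_file = NULL;               /* stop using a stream that went bad */
        return -1;
    }
    return (int)strlen(buf);
}

int main(void) {
    FILE *f = tmpfile();                  /* constructed sample input */
    if (f == NULL) return 1;
    fputs("hello\n", f);
    rewind(f);
    char line[16];
    printf("setfile(NULL) -> %d\n", lr_setfile(NULL));                  /* -1 */
    printf("readline, no file -> %d\n", lr_readline(line, sizeof line)); /* -1 */
    printf("setfile(f) -> %d\n", lr_setfile(f));                         /* 0 */
    printf("readline -> %d\n", lr_readline(line, sizeof line));          /* 6 */
    fclose(f);
    return 0;
}
```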

Risk Assessment

The most likely result of ignoring this recommendation is an access violation or a data integrity violation. Such a scenario is indicative of a flaw in the manner in which the library is used by the calling code. However, it may still be the library itself that is the vector by which the calling code's vulnerability is exploited.

Rule     | Severity | Likelihood   | Remediation Cost | Priority | Level
---------|----------|--------------|------------------|----------|------
MSCxx-A  | 1 (low)  | 1 (unlikely) | 1 (high)         | 1        | L3
