...

```c
#include <stdio.h>

/* Sets some internal state in the library */
extern int setfile(FILE *file);

/* Performs some action using the file passed earlier */
extern int usefile(void);

static FILE *myFile;

int setfile(FILE *file) {
    /* The pointer is stored without any validation */
    myFile = file;
    return 0;
}

int usefile(void) {
    /* Perform some action here */
    return 0;
}
```

The vulnerability can be more severe if the internal state references sensitive or system-critical data.

...

```c
/* errno_t comes from C11 Annex K; where the implementation does not
 * provide it, use: typedef int errno_t; */
#define __STDC_WANT_LIB_EXT1__ 1
#include <errno.h>
#include <stdio.h>

/* Sets some internal state in the library */
extern errno_t setfile(FILE *file);

/* Performs some action using the file passed earlier */
extern errno_t usefile(void);

static FILE *myFile;

errno_t setfile(FILE *file) {
  if (file && !ferror(file) && !feof(file)) {
    myFile = file;
    return 0;
  }

  /* Error safety: leave myFile unchanged */
  return -1;
}

errno_t usefile(void) {
  if (!myFile) return -1;

  /* Perform other checks if needed, return
   * error condition */

  /* Perform some action here */
  return 0;
}
```
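The checks above can be exercised against constructed streams to confirm both the rejection paths and the error-safety property (a rejected call leaves the stored state untouched). This is an added example, not part of the original guideline; it also repeats the stream checks at use time, as one instance of the "other checks" mentioned in `usefile()`. The names `lib_setfile`, `lib_usefile`, `stream_ok` and `run_checks` are hypothetical, and `int` stands in for `errno_t` so the code builds without Annex K.

```c
#include <stdio.h>

/* Added example. lib_setfile, lib_usefile, stream_ok and run_checks are
 * hypothetical names; int replaces errno_t for portability. */
static FILE *myFile;

static int stream_ok(FILE *f) { return f && !ferror(f) && !feof(f); }

int lib_setfile(FILE *file) {
  if (!stream_ok(file)) return -1; /* error safety: myFile unchanged */
  myFile = file;
  return 0;
}

int lib_usefile(void) {
  /* Re-validate at use time: the stream may have changed since it was set */
  if (!stream_ok(myFile)) return -1;
  return (fputs("record\n", myFile) == EOF) ? -1 : 0;
}

/* Returns the number of unexpected results (0 = all held), -1 on setup failure */
int run_checks(void) {
  int bad = 0;
  FILE *good = tmpfile(); /* constructed sample streams */
  FILE *atEof = tmpfile();
  if (!good || !atEof) { if (good) fclose(good); if (atEof) fclose(atEof); return -1; }
  (void)fgetc(atEof); /* empty file: sets the end-of-file indicator */

  bad += (lib_usefile() != -1);      /* nothing set yet */
  bad += (lib_setfile(NULL) != -1);  /* null pointer rejected */
  bad += (lib_setfile(good) != 0);   /* valid stream accepted */
  bad += (lib_setfile(atEof) != -1); /* stream at EOF rejected */
  bad += (myFile != good);           /* previous state preserved */
  bad += (lib_usefile() != 0);       /* action succeeds */

  /* The caller drives the stored stream to EOF after it was accepted */
  fseek(good, 0L, SEEK_END);
  (void)fgetc(good);
  bad += (lib_usefile() != -1);      /* caught by the use-time check */

  myFile = NULL; /* drop the reference before the streams are closed */
  fclose(good);
  fclose(atEof);
  return bad;
}

int main(void) {
  int bad = run_checks();
  printf("unexpected results: %d\n", bad);
  return bad != 0;
}
```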

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...

...

...

Insufficient input validation

...

...
