...
Null-terminated byte strings are implemented as arrays of characters and are susceptible to the same problems as arrays. As a result, rules and recommendations for arrays should also be applied to null-terminated byte strings.
Recommendations
STR00-A. Use TR 24731 for remediation of existing string manipulation code
...
STR07-A. Use plain char for character data
Rules
STR30-C. Do not attempt to modify string literals
...
STR33-C. Size wide character strings correctly
STR34-C. Cast characters to unsigned types before converting to larger integer sizes
Risk Assessment Summary

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| STR00-A | 3 (high) | 2 (probable) | 2 (medium) | P12 | L1 |
| STR01-A | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 |
| STR02-A | 2 (medium) | 3 (likely) | 2 (medium) | P12 | L1 |
| STR03-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3 |
| STR05-A | 1 (low) | 3 (likely) | 2 (medium) | P6 | L3 |
| STR06-A | 2 (low) | 2 (probable) | 3 (low) | P12 | L1 |
| STR07-A | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2 |
| STR08-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3 |

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| STR30-C | 1 (low) | 3 (likely) | 3 (low) | P9 | L2 |
| STR31-C | 3 (high) | 3 (likely) | 2 (medium) | P18 | L1 |
| STR32-C | 3 (high) | 2 (probable) | 2 (medium) | P12 | L1 |
| STR33-C | 3 (high) | 3 (likely) | 2 (medium) | P18 | L1 |