
Requiring the caller to validate arguments can result in faster code, because the caller may understand certain invariants that prevent invalid values from being passed. Requiring the callee to validate arguments allows the validation code to be encapsulated in one location, reducing the size of the code and making it more likely that these checks are performed in a consistent and correct fashion.

For safety and security reasons, this standard recommends that the called function validate its parameters. Validity checks allow the function to survive at least some forms of improper usage, enabling an application using the function to likewise survive. Validity checks can also simplify the task of determining the condition that caused the invalid parameter.


In this noncompliant code example, setfile() and usefile() do not validate their parameters. An invalid file pointer can be stored and later used by the library, corrupting the library's internal state and exposing a vulnerability.

#include <stdio.h>

/* sets some internal state in the library */
extern void setfile(FILE *file);

/* performs some action using the file passed earlier */
extern void usefile(void);

static FILE *myFile;

/* noncompliant: the pointer is stored without any validation */
void setfile(FILE *file) {
    myFile = file;
}

void usefile(void) {
    /* perform some action here using myFile */
}

The vulnerability can be more severe if the internal state references sensitive or system-critical data.
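The following is an added example, not code from the CERT page, showing the same two-function library reworked so that the callee validates its parameters and its own state before acting. The status codes, the message parameter of usefile(), and the use of ferror()/feof() as the validity check are assumptions made for this illustration.

```c
/* Added example (not the CERT page's own code): setfile()/usefile()
 * with callee-side validation. Status codes and the msg parameter are
 * assumptions for illustration. */
#include <stdio.h>

enum api_status {
    API_OK = 0,
    API_EINVAL = -1,   /* invalid argument, internal state left untouched */
    API_ESTATE = -2    /* library not initialized or stream failed */
};

static FILE *myFile = NULL;

/* Stores the stream only if it is non-NULL and not already in an
 * error or end-of-file condition. On rejection myFile is unchanged,
 * so a bad argument cannot corrupt the library's state. */
int setfile(FILE *file) {
    if (file == NULL || ferror(file) || feof(file)) {
        return API_EINVAL;
    }
    myFile = file;
    return API_OK;
}

/* Writes msg to the stored stream. Refuses to act if setfile() has
 * not succeeded, and validates its own argument as well. */
int usefile(const char *msg) {
    if (myFile == NULL) {
        return API_ESTATE;
    }
    if (msg == NULL) {
        return API_EINVAL;
    }
    if (fputs(msg, myFile) == EOF) {
        return API_ESTATE;
    }
    return API_OK;
}

int main(void) {
    /* Misuse before initialization and with a NULL pointer is survived */
    printf("usefile before setfile: %d\n", usefile("x"));   /* -2 */
    printf("setfile(NULL): %d\n", setfile(NULL));           /* -1 */

    FILE *f = tmpfile();                 /* constructed, valid stream */
    if (f == NULL) {
        return 1;
    }
    printf("setfile(valid): %d\n", setfile(f));             /*  0 */
    printf("usefile(NULL): %d\n", usefile(NULL));           /* -1 */
    printf("usefile(\"hello\"): %d\n", usefile("hello"));   /*  0 */
    fclose(f);
    return 0;
}
```

The checks catch the misuse that can be detected: a NULL pointer, a stream that has already failed, and a call sequence that skips initialization. They cannot detect a dangling or otherwise non-stream pointer, since ferror() on such a value is itself undefined behaviour; this is the sense in which the text above says validity checks let a function survive "at least some forms" of improper usage.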


Recommendation    Severity    Likelihood    Remediation Cost    Priority    Level
API00-C           medium      unlikely      high                P2          L3

Automated Detection

Tool               Version    Checker    Description    Section
LDRA tool suite

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

CERT: This rule appears in the C++ Secure Coding Standard as MSC08-CPP. Functions should validate their parameters.

MITRE CWE: CWE ID 20, "Insufficient Input Validation"

Bibliography

[Apple 06] Application Interfaces That Enhance Security, http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/Articles/AppInterfaces.html, May 2006.
[MITRE 07] CWE ID 20, "Insufficient Input Validation", http://cwe.mitre.org/data/definitions/20.html
