...
| Code Block | ||||
|---|---|---|---|---|
| ||||
char buf[BUFSIZ + 1];
if (fgets(buf, sizeof(buf), stdin) == NULL) {
/* Handle error */
}
buf[strlen(buf) - 1] = '\0';
|
Wiki Markup strlen()}} function computes the length of a string by determining the number of characters that precede the terminating null character. A problem occurs if the first character read from the input by {{fgets()}} happens to be a null character. This may occur, for example, if a binary data file is read by the {{fgets()}} call \ [[Lai 2006|AA. Bibliography#Lai 06]\]. If the first character in {{buf}} is a null character, {{strlen(buf)}} returns 0 and a write-outside-array-bounds error occurs.
Compliant Solution
This compliant solution uses strchr() to replace the new-line character in the string, if it exists. (See rue FIO36-C. Do not assume a new-line character is read when using fgets().)
...
MITRE CWE: CWE-241, "Failure to Handle Wrong Data Type"
Bibliography
...
\[[Lai 2006|AA. Bibliography#Lai 06]\]
\[[Seacord 2005a|AA. Bibliography#Seacord 05]\] Chapter 2, ]
[Seacord 2005a] Chapter 2, "Strings"
...
FIO36-C. Do not assume a new-line character is read when using fgets() 09. Input Output (FIO) FIO38-C. Do not use a copy of a FILE object for input and output