SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 94

changes.mady.by.user Ankur Goyal

Saved on

compared with

New Version 95

changes.mady.by.user Ankur Goyal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: fixed xorl references

...

Wiki Markup
[CVE-2009-0587|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0587] results from a violation of this rule. Before version 2.24.5, Evolution Data Server performed unchecked arithmetic operations on the length of a user-input string and used the value to allocate space for a new buffer. Thus, an attacker could execute arbitrary code by inputting a long string, resulting in incorrect allocation and buffer overflow \[[xorl 2009|AA. C References#xorl 200905872009-0587]\].

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Wiki Markup
\[[Coverity 07|AA. C References#Coverity 07]\]
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.3, "Memory Management Functions"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "XYB Buffer Overflow in Heap"
\[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 190|http://cwe.mitre.org/data/definitions/190.html], "Integer Overflow (Wrap or Wraparound)," and [CWE ID 131|http://cwe.mitre.org/data/definitions/131.html], "Incorrect Calculation of Buffer Size"
\[[Seacord 05|AA. C References#Seacord 05]\] Chapter 4, "Dynamic Memory Management," and Chapter 5, "Integer Security"
\[[xorl 2009|AA. C References#xorl 200905872009-0587]\] "CVE-2009-0587: Evolution Data Server Base64 Integer Overflows"

...