SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 115

changes.mady.by.user Caden Milne

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

GCC allows specifying declaration attributes using the keyword __attribute__((__packed__)). When this attribute is present, the compiler will not add padding bytes for memory alignment unless an explicit alignment specifier for a structure member requires the introduction of padding bytes.

Code Block
bgColor#CCCCFF
borderStylesolid
#include <stddef.h>

struct test {
  int a;
  char b;
  int c;
} __attribute__((__packed__));

/* Safely copy bytes to user space */
extern int copy_to_user(void *dest, void *src, size_t size);

void do_stuff(void *usr_buf) {
  struct test arg = {.a = 1, .b = 2, .c = 3};
  copy_to_user(usr_buf, &arg, sizeof(arg));
}

...

Padding units might contain sensitive data because the C Standard allows any padding to take unspecified values. A pointer to such a structure could be passed to other functions, causing information leakage.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

DCL39-C

Low

Unlikely

No

YesHigh

P1P2

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
function-argument-with-paddingPartially checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-DCL39Detects composite structures with padding, in particular those passed to trust boundary routines.
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

MISC.PADDING.POTB

Padding Passed Across a Trust Boundary

Cppcheck Premium
Include Page
Cppcheck Premium_V
Cppcheck Premium_V


premium-cert-dcl39-cPartially implemented


Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF4941, DF4942, DF4943

Fully implemented
Klocwork
Include Page
Klocwork_V
Klocwork_V
PORTING.STORAGE.STRUCT

Fully implemented
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-DCL39-a

A pointer to a structure should not be passed to a function that can copy data to the user space

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule DCL39-CChecks for information leak via structure padding 
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
function-argument-with-paddingPartially checked
Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

C20, C21,C22, C23, C25Fully implemented

Related Vulnerabilities

Numerous vulnerabilities in the Linux Kernel have resulted from violations of this rule. CVE-2010-4083 describes a vulnerability in which the semctl() system call allows unprivileged users to read uninitialized kernel stack memory because various fields of a semid_ds struct declared on the stack are not altered or zeroed before being copied back to the user.

...