SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 28

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Content by Label
showLabelsfalse
maxResults99
label+sig,+rule,-void
showSpacefalse
sorttitle
spacecom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
cqllabel = "sig" and label = "rule" and label != "void" and space = currentSpace()

Info

Information for Editors
In order to have a new guideline automatically listed above be sure to label it sig and rule.

Risk Assessment Summary

Rule

Severity

Likelihood

Detectable

Repairable

Priority

Level

SIG30-CHighLikelyYesNo

P18

L1

SIG31-CHighLikelyYesNo

P18

L1

SIG34-CLowUnlikelyYesNo

P2

L3

SIG35-CLowUnlikelyNoNo

P1

L3

Related Rules and Recommendations

Navigation Map
signal
signal
cellWidth700
wrapAfter1
cellHeight15

...

Image Added Image Added Image Added

A signal is an interrupt that is used to notify a process that an event has occurred. That process can then respond to that event accordingly. ISO/IEC 9899-1999 C provides functions for sending and handling signals within a C program.

Signals are handled by a process by registering a signal handler using the signal() function, which is specified as:

Code Block

void (*signal(int sig, void (*func)(int)))(int);

There is also a POSIX implementation, that offers more control over how signals are processed.

Improper handling of signals can lead to security vulnerabilities. The following rules and recommendations are designed to reduce the common errors associated with signal handling.

Recommendations

SIG00-A. Avoid using the same handler for multiple signals

SIG01-A. Understand implementation-specific details regarding persistent signal handlers

Rules

SIG30-C. Only call asynchronous-safe functions within signal handlers

SIG31-C. Do not access or modify shared objects in signal handlers

SIG32-C. Do not call longjmp() from inside a signal handler

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

SIG00-A

3 (high)

3 (likely)

1 (high)

P9

L2

Rules

...

Rule

...

Severity

...

Likelihood

...

Remediation Cost

...

Priority

...

Level

...

SIG30-C

...

3 (high)

...

3 (likely)

...

1 (high)

...

P9

...

L2

...

SIG31-C

...

3 (high)

...

3 (likely)

...

1 (high)

...

P9

...

L2

...

SIG32-C

...

3 (high)

...

3 (likely)

...

1 (high)

...

P9

...