SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 35

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Content by Label
showLabelsfalse
maxResults99
label+sig,+rule,-void
showSpacefalse
sorttitle
spacecom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
cqllabel = "sig" and label = "rule" and label != "void" and space = currentSpace()

Info

Information for Editors
In order to have a new guideline automatically listed above be sure to label it sig and rule.

Risk Assessment Summary

Rule

Severity

Likelihood

Detectable

Repairable

Priority

Level

SIG30-CHighLikelyYesNo

P18

L1

SIG31-CHighLikelyYesNo

P18

L1

SIG34-CLowUnlikelyYesNo

P2

L3

SIG35-CLowUnlikelyNoNo

P1

L3

Related Rules and Recommendations

Navigation Map
signal
signal
cellWidth700
wrapAfter1
cellHeight15

...

Image Added Image Added Image Added

A signal is an interrupt that is used to notify a process that an event has occurred. That process can then respond to that event accordingly. C99 provides functions for sending and handling signals within a C program.

Signals are handled by a process by registering a signal handler using the signal() function, which is specified as:

Code Block

void (*signal(int sig, void (*func)(int)))(int);

Improper handling of signals can lead to security vulnerabilities. The following rules and recommendations are meant to eliminate common errors associated with signal handling.

Recommendations

SIG00-A. Avoid using the same handler for multiple signals

SIG01-A. Understand implementation-specific details regarding signal handler persistence

Rules

SIG30-C. Only call async-safe functions within signal handlers

SIG31-C. Do not access or modify shared objects in signal handlers

SIG32-C. Do not call longjmp() from inside a signal handler

SIG33-C. If a signal occurs as the result of abort() or raise(), it shall not call the raise() function

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

SIG00-A

3 (high)

3 (likely)

1 (high)

P9

L2

SIG01-A

1 (high)

1 (likely)

3 (low)

P3

L3

Rules

...

Rule

...

Severity

...

Likelihood

...

Remediation Cost

...

Priority

...

Level

...

SIG30-C

...

3 (high)

...

3 (likely)

...

1 (high)

...

P9

...

L2

...

SIG31-C

...

3 (high)

...

3 (likely)

...

1 (high)

...

P9

...

L2

...

SIG32-C

...

3 (high)

...

3 (likely)

...

1 (high)

...

P9

...

L2

...

SIG33-C

...

1 (low)

...

1 (uinlikely)

...

3 (low)

...

P3

...