...
| Code Block | ||||
|---|---|---|---|---|
| ||||
/* sock is a connected TCP socket */ uint32_t num; if (recv(sock, (void *)&num, sizeof(uint32_t), 0) < 0(int)sizeof(uint32_t)) { /* Handle error */ } printf("We received %u from the network!\n", (unsigned int)num); |
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
/* sock is a connected TCP socket */ uint32_t num; if (recv(sock, (void *)&num, sizeof(uint32_t), 0) < 0(int)sizeof(uint32_t)) { /* Handle error */ } num = ntohl(num); printf("We recieved %u from the network!\n", (unsigned int)num); |
...
If the programmer is careless, this bug is likely. However, it will immediately break the program by printing the incorrect result and therefore should be caught by the programmer during the early stages of debugging and testing. Recognizing a value as in reversed byte ordering, however, can be difficult depending on the type and magnitude of the data.
Recommendation | Severity | Likelihood | Detectable |
|---|
Repairable | Priority | Level |
|---|---|---|
POS39-C | Medium | Likely |
Yes | No |
P18
L1
P12 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| taint_sink | Soundly supported | ||||||
| Axivion Bauhaus Suite |
| CertC-POS39 | |||||||
| Helix QAC |
| DF4906, DF4907, DF4908 | |||||||
| Klocwork |
| BYTEORDER.NTOH.RECV BYTEORDER.NTOH.READ BYTEORDER.HTON.SEND BYTEORDER.HTON.WRITE | |||||||
| Parasoft C/C++test |
| CERT_C-POS39-a | Use the correct byte ordering when transferring data between systems | ||||||
| CERT C: Rule POS39-C | Checks for missing byte reordering when transferring data (rule fully covered) |
Bibliography
| [MSDN] | "Winsock Functions" |
| [Open Group 2004] | htonl, htons, ntohl, ntohs—Convert Values between Host and Network Byte Order |
...
...