SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 63

changes.mady.by.user Martin Sebor

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

Redundant testing by caller and by callee as a style of defensive programming is largely discredited in the C and C++ communitycommunities, the main problem being performance. The usual discipline in C and C++ is to require validation on only one side of each interface.

...

Code Block
bgColor#FFcccc
langc
/* setsSets some internal state in the library */
extern int setfile(FILE *file);

/* performsPerforms some action using the file passed earlier */
extern int usefile();

static FILE *myFile;

void setfile(FILE *file) {
    myFile = file;
}

void usefile(void) {
    /* performPerform some action here */
}

The vulnerability can be more severe if the internal state references sensitive or system-critical data.

...

Code Block
bgColor#ccccff
langc
/* setsSets some internal state in the library */
extern errno_t setfile(FILE *file);

/* performsPerforms some action using the file passed earlier */
extern errno_t usefile(void);

static FILE *myFile;

errno_t setfile(FILE *file) {
 if (file && !ferror(file) && !feof(file)) {
    myFile = file;
    return 0;
  }

  /* errorError safety: leave myFile unchanedunchanged */
  return -1;
}

errno_t usefile(void) {
  if (!myFile) return -1;

    /*
     * performPerform other checks if needed,; return 
     * error condition.
     */

    /* performPerform some action here */
    return 0;
}

...

Failing to validate the parameters in library functions may result in an access violation or a data integrity violation. Such a scenario indicates a flaw in how the library is used by the calling code. However, the library itself may still be the vector by which the calling code's vulnerability is exploited.

Recommendation

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

API00-C

Medium

medium

Unlikely

unlikely

No

high

No

P2

L3

Automated Detection

Tool

Version

Checker

Description

LDRA tool suite

Include PageLDRA_VLDRA_V

 

 

Astrée
Include Page
Astrée_V
Astrée_V

Supported
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.STRUCT.UPDUnchecked parameter dereference
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-API00-a

The validity of parameters must be checked inside each function

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

413, 613, 668

Partially supported: reports use of null pointers including function parameters which are assumed to have the potential to be null

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V781, V1111

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

...

Taxonomy

Taxonomy item

Relationship

CERT C

...

MSC08-CPP. Functions should validate their parameters

...

MITRE CWE: CWE ID 20, "Insufficient input validation"

...

Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11CWE-20, Insufficient input validationPrior to 2018-01-12: CERT:
MITRE CWECWE-476Prior to 2018-01-12:

Bibliography

[Apple 2006]Application Interfaces That Enhance Security

...


...

Image Modified Image Modified Image Modified