...

```c
#include <stdint.h>  /* SIZE_MAX */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char *get_filled_buffer(void) {
  char temp[32];
  char *ret = NULL;
  size_t full_length = 0;

  while (fgets(temp, sizeof(temp), stdin)) {
    size_t len = strlen(temp);
    /* Refuse to grow if full_length + len + 1 would wrap around */
    if (SIZE_MAX - len - 1 < full_length) {
      break;
    }
    char *r_temp = realloc(ret, full_length + len + 1); /* NTBS */
    if (r_temp == NULL) {
      break;
    }
    ret = r_temp;
    strcpy(ret + full_length, temp); /* concatenate */
    full_length += len;

    /* The line is complete at end-of-file or once a newline was stored;
       len > 0 guards temp[len-1] when the chunk begins with a null byte */
    if (feof(stdin) || (len > 0 && temp[len-1] == '\n')) {
      return ret;
    }
  }

  free(ret);
  return NULL;
}
```

...

Incorrectly assuming a newline character is read by fgets() or fgetws() can result in data truncation.
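
The truncation described above can be shown with a fixed-size buffer. The following is an added example, not code from the original page: `read_line_naive`, `read_line_checked`, `make_input` and the `line_status` values are names invented here, and the input text is constructed sample data.

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Naive reader: assumes fgets() always stored a trailing '\n'. */
static int read_line_naive(FILE *fp, char *buf, size_t n) {
  if (fgets(buf, (int)n, fp) == NULL) return 0;
  size_t len = strlen(buf);
  if (len > 0) buf[len - 1] = '\0';  /* eats a data byte if no '\n' was read */
  return 1;
}

/* Checked reader: strips '\n' only when present, otherwise discards the
 * rest of the over-long line and reports the truncation to the caller. */
static enum line_status read_line_checked(FILE *fp, char *buf, size_t n) {
  if (fgets(buf, (int)n, fp) == NULL) return LINE_EOF;
  char *nl = strchr(buf, '\n');
  if (nl != NULL) { *nl = '\0'; return LINE_OK; }
  int c, dropped = 0;
  while ((c = fgetc(fp)) != EOF && c != '\n') dropped = 1;
  return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed sample input, written to a temporary file. */
static FILE *make_input(const char *text) {
  FILE *fp = tmpfile();
  if (fp != NULL) { fputs(text, fp); rewind(fp); }
  return fp;
}

int main(void) {
  char buf[8];
  FILE *fp = make_input("alice\nadministrator\nbob");
  if (fp == NULL) return 1;
  while (read_line_naive(fp, buf, sizeof buf)) printf("naive:   [%s]\n", buf);
  rewind(fp);
  enum line_status st;
  while ((st = read_line_checked(fp, buf, sizeof buf)) != LINE_EOF)
    printf("checked: [%s]%s\n", buf, st == LINE_TRUNCATED ? " (truncated)" : "");
  fclose(fp);
  return 0;
}
```

With an 8-byte buffer the naive reader silently turns one long line into two shortened records and clips the final unterminated line, while the checked reader returns the same prefix but tells the caller the line did not fit.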

| Recommendation | Severity | Likelihood | Detectable | Remediation Cost | Repairable | Priority | Level |
|---|---|---|---|---|---|---|---|
| FIO20-C | Medium | Likely | No | Medium | Yes | P12 | L1 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Helix QAC | | C3591, C3592 | |
| LDRA tool suite | | 44 S | Enhanced enforcement |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[Lai 2006]

[Seacord 2013] Chapter 2, "Strings"

...

