SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 85

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Obsolescent
Function

Recommended
Alternative

bsearch()bsearch_s()
fprintf()fprintf_s()
fscanf()fscanf_s()
fwprintf()fwprintf_s()
fwscanf()fwscanf_s()
getenv()getenv_s()
gmtime()gmtime_s()
localtime()localtime_s()
mbsrtowcs()mbsrtowcs_s()
mbstowcs()mbstowcs_s()
memcpy()memcpy_s()
memmove()memmove_s()
printf()printf_s()
qsort()qsort_s()
scanf()scanf_s()
snprintf()snprintf_s()
sprintf()sprintf_s()
sscanf()sscanf_s()
strcat()strcat_s()
strcpy()strcpy_s()
strerror()strerror_s()
strlen()strnlen_s()
strncat()strncat_s()
strncpy()strncpy_s()
strtok()strtok_s()
swprintf()swprintf_s()
swscanf()swscanf_s()
vfprintf()vfprintf_s()
vfscanf()vfscanf_s()
vfwprintf()vfwprintf_s()
vfwscanf()vfwscanf_s()
vprintf()vprintf_s()
vscanf()vscanf_s()
vsnprintf()vsnprintf_s()
vsprintf()vsprintf_s()
vsscanf()vsscanf_s()
vswprintf()vswprintf_s()
vswscanf()vswscanf_s()
vwprintf()vwprintf_s()
vwscanf()vwscanf_s()
wcrtomb()wcrtomb_s()
wcscat()wcscat_s()
wcscpy()wcscpy_s()
wcslen()wcsnlen_s()
wcsncat()wcsncat_s()
wcsncpy()wcsncpy_s()
wcsrtombs()wcsrtombs_s()
wcstok()wcstok_s()
wcstombs()wcstombs_s()
wctomb()wctomb_s()
wmemcpy()wmemcpy_s()
wmemmove()wmemmove_s()
wprintf()wprintf_s()
wscanf()wscanf_s()

For information on the tmpfile() and tmpfile_s() functions, see FIO21-C. Do not create temporary files in shared directories.
For information on the memset() and memset_s() functions, see MSC06-C. Beware of compiler optimizations.

To remediate invocations of obsolescent functions, an application might use any of the following recommended functions from ISO/IEC TR 24731-2, Extensions to the C Library—Part II: Dynamic Allocation Functions [ISO/IEC TR 24731-2]:

...

The deprecated and obsolescent functions enumerated in this guideline are commonly associated with software vulnerabilities.

Rule

Severity

Likelihood

Detectable

Remediation CostRepairable

Priority

Level

MSC24-C

High

Probable

Yes

MediumNo

P12

L1

Automated Detection

library functions and atol from library shall
ToolVersionCheckerDescription
Astrée
Include Page
Astrée_V
Astrée_V

stdlib-use-ato

stdlib-macro-ato

stdlib-use-atoll

stdlib-macro-atoll

Partially checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-MSC24Fully implemented
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

BADFUNC.*
PARSE.DE

(customization)

A number of CodeSonar's "Use of *" checks are for deprecated/obsolescent functions
Deprecated Entity

CodeSonar also provides a mechanism for users to create custom checks for uses of specified functions

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.MSC34

Fully implemented

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5039
C5040
C5041
C5042
C5043


LDRA tool suite
Include Page
LDRA_V
LDRA_V
44 S

Fully implemented

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-MSC24-a
CERT_C-MSC24-b
CERT_C-MSC24-c
CERT_C-MSC24-d

The

'atof', 'atoi

', 'atol' and 'atoll' functions from the 'stdlib.h

' or 'cstdlib' library should not be used
The 'getenv()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
Avoid using unsafe string functions which may cause buffer overflows
Don't use unsafe C functions that do write to range-unchecked buffers

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

586

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. MSC24-CChecks for use of obsolete standard function (rec. fully covered)


PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V513, V2001, V2002
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V

stdlib-use-ato

stdlib-macro-ato

stdlib-use-atoll

stdlib-macro-atoll

Partially checked
Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

CuEV
CvariableScope
CWE395TEST_2_CPP
CWE561P25
CwPSPPE
CzDC
deallocret
integerOverflowCond
invalidContainer
invalidFunctionArg
leakUnsafeArgAlloc
memleak
memleakOnRealloc
noCopyConstructor
noOperatorEq
nullPointerRedundantCheck

Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CERT C Secure Coding Standard

ERR07-C. Prefer functions that support error checking over equivalent functions that don't
INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs
ERR34-C. Detect errors when converting a string to a number
STR06-C. Do not assume that strtok() leaves the parse string unchanged
VOID STR07-C. Use the bounds-checking interfaces for string manipulation

ISO/IEC TR 24772 Use of Libraries [TRJ]
MISRA C:2012Rule 21.3 (required)
MITRE CWE

CWE-20, Insufficient input validation
CWE-73, External control of file name or path
CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-91, XML Injection (aka Blind XPath Injection)
CWE-94, Improper Control of Generation of Code ('Code Injection')
CWE-114, Process Control
CWE-120, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-192, Integer coercion error
CWE-197, Numeric truncation error
CWE-367, Time-of-check, time-of-use race condition
CWE-464, Addition of data structure sentinel
CWE-601, URL Redirection to Untrusted Site ('Open Redirect')
CWE-676, Use of potentially dangerous function

...

[Apple 2006]Apple Secure Coding Guide, "Avoiding Race Conditions and Insecure File Operations"
[Burch 2006]Specifications for Managed Strings, Second Edition
[Drepper 2006]Section 2.2.1 "Identification When Opening"
[IEEE Std 1003.1:2013]XSH, System Interfaces, open
ISO/IEC 23360-1:2006
[ISO/IEC WG14 N1173]Rationale for TR 24731 Extensions to the C Library Part I: Bounds-checking interfaces
[Klein 2002]"Bullet Proof Integer Input Using strtol()"
[Linux 2008]strtok(3)
[Seacord 2013]Chapter 2, "Strings"
Chapter 8, "File I/O"
[Seacord 2005b]"Managed String Library for C, C/C++"


...

Image Modified