...

Depending on the version of Windows the application is run on, failure to properly specify the library can lead to arbitrary code execution.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| WIN00-C | High | Unlikely | Low | P9 | L2 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | BADFUNC.PATH.AFXLOADLIBRARY; BADFUNC.PATH.COLOADLIBRARY; BADFUNC.PATH.LOADLIBRARY | Use of AfxLoadLibrary; Use of CoLoadLibrary; Use of LoadLibrary |
| Klocwork | | SV.DLLPRELOAD.NONABSOLUTE.DLL; SV.DLLPRELOAD.NONABSOLUTE.EXE; SV.DLLPRELOAD.SEARCHPATH | |
| Parasoft C/C++test | 9.5 | SECURITY-04; CERT_C-WIN00-a | Use care to ensure that LoadLibrary() will load the correct library |
| PC-lint Plus | | 586 | Fully supported |
| Polyspace Bug Finder | R2016a | CERT C: Rec. WIN00-C | Checks for: Load of library from a relative path can be controlled by an external actor (Library loaded with relative path is vulnerable to malicious attacks); Library loaded from externally controlled path (Using a library argument from an externally controlled path). Rec. partially covered. |

Related Guidelines

...



Bibliography

  

...




...
