
Failure to specify function prototypes results in a function being implicitly defined. Without a function prototype, the compiler will assume the the correct number and type of parameters have been supplied to a function. Calling a function with a different number of arguments then that function expects results in undefined, and perhaps unintended behavior.
C99 removed implicit function declarations from the C language [[ISO/IEC9899-1999]]. However, compilers will typically allow compilation of programs that contain implicitly defined functions, although they will issue a warning. These warnings should be resolved [[MSC00-A]], but they will not prevent program compilation. Given this, functions should be declared with the appropriate function prototype.
Non-Compliant Code Example 1
In this example, the definition of func()
expects three parameters but is supplied only two. However, because there is no prototype for func()
, the compiler assumes that the correct number of parameters has been supplied, using the next value on the program stack as the missing third argument.
function(1, 2); ... int func(int one, int two, int three){ printf("%d %d %d", one, two, three); return 1; }
Compliant Solution
int function(int,int,int); ... function(1,2); ... int func(int one, int two, int three){ printf("%d %d %d", one, two, three); return 1; }
Non-Compliant Code Example 2
function(1, 2); ... int func(int one, int two, int three){ printf("%d %d %d", one, two, three); return 1; }
Examples of vulnerabilities with CVE entry number
CVE-2002-1236, CAN-2003-0422 - CGI crashes when called without any arguments
CVE-2002-1531, CAN-2002-1077 - crash in HTTP request without a Content-Length field
CAN-2002-1358 - empty elements/strings in protocol test suite affect many SSH2 servers/clients
CAN-2003-0477 - FTP server crashes in PORT command without an argument
CVE-2002-0107 - resultant infoleak in web server via GET requests without HTTP/1.0 version string
CAN-2002-0596 - GET reqeust with empty parameter leads to error message infoleak (path disclosure)
Risk Assesment
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
DRAFT |
2 (medium) |
3 (likely) |
2 (medium) |
P12 |
L1 |
References
- ISO/IEC 9899 Common Warnings 2