Use strtol() or a related function to convert a string token to an integer

The strtol(), strtoll(), strtoul(), and strtoull() functions convert the initial portion of a string token to long int, long long int, unsigned long int, and unsigned long long int representation, respectively. These functions provide more robust error handling than alternative solutions.
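As an added example (not code from the CERT page), the helper below wraps strtol() so that every failure mode it can signal reaches the caller: no digits consumed, trailing non-digit characters, and out-of-range values, including values that fit a long but not an int. The names str2int, str2int_or and the status enum are this example's own; the sample tokens in main() are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Status codes for this example's helper (not part of the CERT page). */
enum str2int_status {
    STR2INT_OK = 0,
    STR2INT_EMPTY,     /* no digits consumed at all, e.g. "" or "abc" */
    STR2INT_TRAILING,  /* digits followed by other characters, e.g. "12abc" */
    STR2INT_OVERFLOW   /* value does not fit in an int */
};

/* Convert token to an int; out may be NULL if only validation is wanted. */
enum str2int_status str2int(const char *token, int *out)
{
    char *end;
    long value;

    errno = 0;                      /* strtol sets errno on ERANGE but never clears it */
    value = strtol(token, &end, 10);

    if (end == token)
        return STR2INT_EMPTY;       /* nothing parsed (leading whitespace alone counts as nothing) */
    if (*end != '\0')
        return STR2INT_TRAILING;    /* whole token must be a number, no trailing junk */
    if (errno == ERANGE || value > INT_MAX || value < INT_MIN)
        return STR2INT_OVERFLOW;    /* long overflowed, or long fits but int does not */

    if (out != NULL)
        *out = (int)value;
    return STR2INT_OK;
}

/* Convenience wrapper: the parsed value, or fallback on any error. */
int str2int_or(const char *token, int fallback)
{
    int v;
    return str2int(token, &v) == STR2INT_OK ? v : fallback;
}

int main(void)
{
    /* Constructed sample tokens of the kind a parser might receive. */
    const char *samples[] = { "42", "-17", "  7", "12abc", "", "abc",
                              "2147483648", "99999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = 0;
        enum str2int_status s = str2int(samples[i], &v);
        /* atoi() would silently return 12 for "12abc" and 0 for "abc";
           the status code makes those cases visible to the caller. */
        printf("%-22s -> status %d value %d\n", samples[i], (int)s, v);
    }
    return 0;
}
```

The check on INT_MAX/INT_MIN matters because strtol() returns a long: on platforms where long is wider than int, "2147483648" parses without ERANGE but still cannot be stored in an int without truncation.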
Risk Assessment
While it is relatively rare for a violation of this rule to result in a security vulnerability, it can easily result in lost or misinterpreted data.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
INT06-A | 1 (low) | 2 (low) | 2 (medium) | P2 | L3
Examples of vulnerabilities resulting from the violation of this recommendation can be found on the CERT website.