SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

According to C99, if the fgets() function fails, the contents of its parameterized array are undefined. Therefore, reset the string to a known value to avoid possible errors on subsequent string manipulation functions.

Non-Compliant Code Example

In this example, an error flag is set upon fgets() failure. However, buf is not reset, and will have unknown contents.

char buf[1024];
FILE *file;
/* Initialize file */

if (fgets(buf, 1024, file) == NULL) {
  /* set error flag and continue */
}
printf("Read in: %s\n", buf);

Compliant Solution

After fgets fails, buf is set to an error message.

char buf[1024];
FILE *file;
/* Initialize file */

if (fgets(buf, 1024, file) == NULL) {
  /* set error flag and continue */
  strcpy(buf, "fgets failed");
}
printf("Read in: %s\n", buf);

Risk Assessment

Making assumptions about the contents of the array set by fgets on failure could lead to undefined behavior, possibly resulting in abnormal program termination.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO40-C

1 (low)

1 (unlikely)

2 (medium)

P2

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Mitigation Strategies

Static Analysis

Since the nature of this issue and the solution recommended by this rule is local, simple static analysis should be effective at assuring compliance with this rule.  A simple search should be able to find calls to fgets() and local analysis should be effective at finding the code that applies when a NULL is returned as well as determining if the returned string is reset. 

This rule also lends itself to inclusion in a global rules set that can be shipped with a static analysis tool.

Dynamic Analysis

It may be possible to assure compliance with this rule with some run-time mechanism.  However, it seems unlikely that dynamic analysis would be chosen over the straight forward static analysis considering the well known disadvantages of dynamic analysis (performance, hard to confirm that all cases are covered, etc.).

Manual inspection

Manual inspection (especially if assisted by tooling to locate all calls to fgets()) could be effective and relatively efficient. 

Testing

Due to the low level of this rule (all calls to fgets()), it seems unlikely that testing would be used to provide assurance of a codebase's compliance.

References

[[ISO/IEC 9899-1999]] Section 7.19.7.2, "The fgets function"

  • No labels