You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 37 Next »

If one definition affects another, encode the relationship in the definition; do not give two independent definitions. A corollary of this recommendation is not to encode transitory relationships in definitions.

Noncompliant Code Example

In this noncompliant code example, the definition for OUT_STR_LEN must always be two greater than the definition of IN_STR_LEN. The following definitions fail to embody this relationship:

enum { IN_STR_LEN=18, OUT_STR_LEN=20 };

A programmer performing maintenance on this program would need to identify the relationship and modify both definitions accordingly. While this sort of error appears relatively benign, it can easily lead to serious security vulnerabilities, such as buffer overflows.

Compliant Solution

The declaration in this compliant solution embodies the relationship between the two definitions.

enum { IN_STR_LEN=18, OUT_STR_LEN=IN_STR_LEN+2 };

As a result, a programmer can reliably modify the program by changing the definition of IN_STR_LEN.

Noncompliant Code Example

In this noncompliant code example, a relationship is established between two constants where none exists.

enum { ADULT_AGE=18 };

/* misleading, relationship established when none exists */
enum { ALCOHOL_AGE=ADULT_AGE+3 };

A programmer performing maintenance on this program may modify the definition for ADULT_AGE but fail to recognize that the definition for ALCOHOL_AGE has also been changed as a consequence.

Compliant Solution

This compliant solution does not assume a relationship when none exists:

enum { ADULT_AGE=18 };
enum { ALCOHOL_AGE=21 };

Risk Assessment

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

DCL08-C

low

unlikely

high

P1

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: DCL08-CPP. Properly encode relationships in constant definitions

The CERT Oracle Secure Coding Standard for Java: DCL03-J. Properly encode relationships in constant definitions

ISO/IEC 9899:1999 Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment"

Bibliography

[Plum 1985] Rule 1-4


      02. Declarations and Initialization (DCL)      

  • No labels