
"scanf()" and "fscanf()" format strings should specify a field width for the "%s" string placeholder

    Details

    • Message:
      Add a field width specifier to this "%s" placeholder.
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way, MISRA C++ 2008 recommended
    • Covered Languages:
      C, C++, Objective-C
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      10min
    • CWE:
      CWE-120, CWE-676
    • OWASP:
      A9
    • SANS Top 25:
      Risky Resource Management
    • CPPCheck:
      invalidscanf, missingScanfFormatWidth

      Description

      The %s placeholder reads a whitespace-delimited word into a character buffer.
      By default, there is no restriction on the length of that word, so the developer must pass a buffer large enough to hold it.
      No matter how large the buffer is, there can always be a longer word in the input.
      Therefore, programs that rely on an unbounded %s are vulnerable to buffer overflows.

      A field width specifier can be used together with the %s placeholder to limit the number of bytes that will be written to the buffer.
      Note that an additional byte is required to store the null terminator, so the field width must be at most the buffer size minus one.

      Noncompliant Code Example

      char buffer[10];
      scanf("%s", buffer);      // Noncompliant - will overflow when a word longer than 9 characters is entered
      

      Compliant Solution

      char buffer[10];
      scanf("%9s", buffer);     // Compliant - will not overflow
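      The following is an added example (not part of the rule text or the Sonar code base) that shows the compliant width in use on constructed input with sscanf, and the practical consequence a reviewer should expect: a word longer than the width is not dropped, it is split, and the remainder is consumed by the next %s conversion. The macros WORD_CAP, WORD_FMT and the two functions are assumed helper names; the width is derived from the same constant as the buffer size so the two cannot drift apart.

```c
#include <stdio.h>
#include <string.h>

/* Assumed helpers (added example): build the "%<N>s" width from one constant so
   the field width and the buffer declaration cannot disagree. */
#define STR2(x) #x
#define STR(x) STR2(x)
#define WORD_CAP 9                       /* characters of text; buffer holds WORD_CAP + 1 for '\0' */
#define WORD_FMT "%" STR(WORD_CAP) "s"   /* expands to "%9s", matching the rule's compliant form */

/* Read the first whitespace-delimited word of `input` into `out`, which must hold at
   least WORD_CAP + 1 bytes. Returns the number of input characters consumed (via %n),
   or -1 when no word could be read (empty or all-whitespace input). */
int read_word_bounded(const char *input, char out[WORD_CAP + 1]) {
    int consumed = 0;
    out[0] = '\0';
    /* sscanf counts only assigned conversions; %n is not counted, so success is 1. */
    if (sscanf(input, WORD_FMT "%n", out, &consumed) != 1)
        return -1;
    return consumed;
}

/* Show what happens to the leftover characters of an over-long word: the width stops
   the first conversion after WORD_CAP bytes and the second %s picks up the rest of the
   same word. Returns the number of chunks assigned (0, 1 or 2). */
int count_chunks(const char *input, char first[WORD_CAP + 1], char second[WORD_CAP + 1]) {
    first[0] = '\0';
    second[0] = '\0';
    return sscanf(input, WORD_FMT WORD_FMT, first, second);
}

int main(void) {
    /* Constructed sample input: a 16-character word followed by a second word. */
    const char *sample = "abcdefghijklmnop tail";
    char word[WORD_CAP + 1];

    int n = read_word_bounded(sample, word);
    printf("consumed %d chars, stored \"%s\" (length %zu, fits in %d bytes)\n",
           n, word, strlen(word), WORD_CAP + 1);

    char a[WORD_CAP + 1], b[WORD_CAP + 1];
    int chunks = count_chunks(sample, a, b);
    printf("%d chunks: \"%s\" then \"%s\"\n", chunks, a, b);
    return 0;
}
```

      The width guarantees that no more than WORD_CAP bytes plus the terminator land in the buffer, which is the overflow the rule targets; it does not validate the input. When the caller needs the whole token, it must detect the split (for example by checking whether the next input character is whitespace) rather than assume one %s read one word.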
      

      People

      • Reporter:
        freddy.mallet Freddy Mallet (Inactive)