Semmle 1.22

Name: Use of dangerous function

Description: Use of a standard library function that does not guard against buffer overflow.

ID: cpp/dangerous-function-overflow

Kind: problem

Severity: error

Precision: very-high

Query: DangerousFunctionOverflow.ql
/**
 * @name Use of dangerous function
 * @description Use of a standard library function that does not guard against buffer overflow.
 * @kind problem
 * @problem.severity error
 * @precision very-high
 * @id cpp/dangerous-function-overflow
 * @tags reliability
 *       security
 *       external/cwe/cwe-242
 */
import cpp

from FunctionCall call, Function target
where
  call.getTarget() = target and
  target.hasGlobalName("gets")
select call, "gets does not guard against buffer overflow"

This rule finds calls to the gets function, which is dangerous and should not be used. See Related rules below for rules that identify other dangerous functions.

A call to gets in the BSD fingerd daemon was one of the vulnerabilities exploited by the Internet Worm of 1988 (the Morris worm), one of the first computer worms to spread through the Internet. The gets function provides no way to limit the amount of data that is read and stored, so without prior knowledge of the input it is impossible to use it safely with a buffer of any size.

Recommendation

Replace calls to gets with fgets, passing the size of the destination buffer as the length argument. fgets stores at most that many bytes, including the terminating null byte, so the buffer cannot overflow. Check the return value of fgets: it returns NULL on end of file or on a read error, and the buffer contents are then indeterminate. Note also that gets was deprecated in C99 and removed from the C11 standard library, so a modern compiler may refuse to declare it.

Example

The following example gets a string from standard input in two ways:

#include <stdio.h>

#define BUFFERSIZE (1024)

// BAD: using gets. There is no way to tell gets how large the buffer is,
// so any input line longer than BUFFERSIZE - 1 characters overflows it.
// (gets is no longer declared by <stdio.h> under C11 and later.)
void echo_bad() {
    char buffer[BUFFERSIZE];
    gets(buffer);
    printf("Input was: '%s'\n", buffer);
}

// GOOD: using fgets. At most BUFFERSIZE - 1 characters plus a terminating
// null byte are stored, so the buffer cannot overflow. A NULL return means
// end of file or a read error, and the buffer must not be used.
void echo_good() {
    char buffer[BUFFERSIZE];
    if (fgets(buffer, BUFFERSIZE, stdin) == NULL) {
        return;
    }
    printf("Input was: '%s'\n", buffer);
}

The first version uses gets and will overflow if the input is longer than the buffer. The second version uses fgets and will not overflow, because the amount of data written is limited by the length parameter. Two behavioural differences matter when converting code: fgets keeps the newline character in the buffer (gets discards it), and an input line longer than the buffer is not lost but left in the stream, so the next read continues with the remainder of that line rather than with a fresh line.
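The following is an added example, not part of the original query help page, showing the wrapper around fgets that a practitioner typically ends up writing when replacing gets: it bounds the write like fgets does, and additionally strips the trailing newline, drains the remainder of an over-long line so that the next call starts on a fresh line, and reports end of file separately from a successful read. The function names (read_line, stream_from_string), the enum, and the sample input are all assumptions made for this example; the stream helper uses tmpfile() so the code runs offline on a constructed string instead of stdin.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of one read_line() call. */
enum line_status {
    LINE_OK,         /* a complete line is in the buffer, newline removed */
    LINE_TRUNCATED,  /* the line did not fit; the excess was discarded */
    LINE_EOF         /* no more input, or a read error, before any character was read */
};

/*
 * Read one line from `in` into `buf` (of `size` bytes) with fgets, the
 * replacement this rule recommends for gets. fgets never writes more than
 * `size` bytes, but it keeps the newline in the buffer, and for a line longer
 * than `size - 1` characters it leaves the remainder in the stream, where the
 * next call would read it as if it were a new line. This wrapper strips the
 * newline and drains any remainder, so every call consumes exactly one line.
 */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0) {
        return LINE_EOF;
    }
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';               /* contents are indeterminate after a failed fgets */
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';         /* complete line: drop the newline */
        return LINE_OK;
    }
    /* No newline stored: the line ended at EOF, exactly filled the buffer, or was too long. */
    int c = fgetc(in);
    if (c == EOF || c == '\n') {
        return LINE_OK;
    }
    while (c != '\n' && c != EOF) { /* discard the rest of the over-long line */
        c = fgetc(in);
    }
    return LINE_TRUNCATED;
}

/* Helper for offline use (assumed name): turn a constructed string into a readable stream. */
FILE *stream_from_string(const char *text)
{
    FILE *f = tmpfile();
    if (f == NULL) {
        return NULL;
    }
    fputs(text, f);
    rewind(f);
    return f;
}

int main(void)
{
    /* Constructed input: a short line, an over-long line, a line that exactly
       fills the 8-byte buffer, and a final line with no trailing newline. */
    const char *input = "short\nthis line is far longer than the buffer\nexact!!\nnoeol";
    FILE *in = stream_from_string(input);
    if (in == NULL) {
        perror("tmpfile");
        return 1;
    }
    char buf[8];
    enum line_status st;
    while ((st = read_line(in, buf, sizeof buf)) != LINE_EOF) {
        printf("%-9s '%s'\n", st == LINE_TRUNCATED ? "TRUNCATED" : "OK", buf);
    }
    fclose(in);
    return 0;
}
```

With an 8-byte buffer the over-long second line is reported as truncated and its tail is consumed, so the third line is read intact rather than being split across two calls; a plain fgets loop would instead print the leftover text of line two as a separate "line". Whether truncation should be an error or silently accepted depends on the caller, which is why the wrapper reports it rather than deciding.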

Related rules

Other dangerous functions identified by CWE-676 ("Use of Potentially Dangerous Function") include strcpy and strcat. Use of these functions is highlighted by rules for the following CWEs:

References
  • Wikipedia: Morris worm.
  • E. Spafford. The Internet Worm Program: An Analysis. Purdue Technical Report CSD-TR-823, 1988.
  • Common Weakness Enumeration: CWE-242.