MISRAC2012-Dir-4.14_c
Synopsis
(Required) The validity of values received from external sources shall be checked.
Enabled by default
Yes
Severity/Certainty
Medium/Medium

Full description
User input is copied into a buffer without its validity being checked first.
Coding standards
- MISRA C:2012 Dir-4.14
(Required) The validity of values received from external sources shall be checked
Code examples
The following code example fails the check and will give a warning:
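#include <string.h>
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {
    char passwd[10];
    /* Value from an external source: may be NULL or longer than passwd */
    char *input = getenv("PASSWORD");
    int accept = 0;
    /* Fails the check: input is copied without any validation */
    strcpy(passwd, input);
    if (accept)
        printf("Login Successful\n");
    else
        printf("Unsuccessful Login\n");
    return 0;
}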
The following code example passes the check and will not give a warning about this issue:
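#include <string.h>
#include <stdio.h>
int main(int argc, char **argv) {
    char passwd[10];
    int accept = 0;
    /* Passes the check: the argument must be present and must fit,
       including its terminator, before it is copied */
    if (argc > 1 && strlen(argv[1]) < 10)
        strcpy(passwd, argv[1]);
    if (accept)
        printf("Login Successful\n");
    else
        printf("Unsuccessful Login\n");
    return 0;
}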
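The getenv("PASSWORD") case from the failing example, with the external value validated before it is copied. This is an added example, not code from the tool's documentation. The names copy_checked, read_password_env, PASSWD_MAX and ext_status are hypothetical, and the printable-ASCII rule is an assumed validity policy.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PASSWD_MAX 10u /* same buffer size as the examples above */

typedef enum { EXT_OK, EXT_MISSING, EXT_TOO_LONG, EXT_BAD_CHAR } ext_status;

/* Hypothetical helper: copy src into dst only if every check passes.
   On any failure dst is left as an empty string. */
static ext_status copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0u;

    if ((dst == NULL) || (dst_size == 0u)) {
        return EXT_TOO_LONG;            /* no usable destination space */
    }
    dst[0] = '\0';
    if (src == NULL) {
        return EXT_MISSING;             /* getenv() returns NULL when unset */
    }
    /* Bounded scan: never inspect more than dst_size bytes of src */
    while ((len < dst_size) && (src[len] != '\0')) {
        unsigned char c = (unsigned char)src[len];
        if ((c < 0x20u) || (c > 0x7Eu)) {
            return EXT_BAD_CHAR;        /* assumed policy: printable ASCII */
        }
        len++;
    }
    if (len == dst_size) {
        return EXT_TOO_LONG;            /* no room left for the terminator */
    }
    memcpy(dst, src, len + 1u);         /* len + 1 <= dst_size is proven */
    return EXT_OK;
}

/* The external source used by the failing example above */
static ext_status read_password_env(char *dst, size_t dst_size)
{
    return copy_checked(dst, dst_size, getenv("PASSWORD"));
}

int main(void)
{
    char passwd[PASSWD_MAX];
    ext_status st = read_password_env(passwd, sizeof passwd);
    printf("PASSWORD validation status: %d\n", (int)st);
    return (st == EXT_OK) ? 0 : 1;
}
```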