SV.BANNED.REQUIRED.SPRINTF

Banned sprintf function call

There are a number of C/C++ functions that are not considered secure, and are known as 'banned' for that reason. These functions are:

  • memory allocation functions like alloca
  • string concatenation functions like strcat and strncat
  • string copy functions like strcpy and strncpy
  • gets functions like gets and _getts
  • isbad functions like IsBadWritePtr
  • numeric conversion functions like _itoa and _itow
  • OEM conversion functions like CharToOem
  • path functions like _splitpath and _makepath
  • scan functions like scanf
  • string print functions like sprintf and snprintf
  • string tokenizing functions like strtok

The SV.BANNED family of checkers finds the use of any of the banned functions in code.

The SV.BANNED.REQUIRED.SPRINTF checker flags calls to unsafe sprintf-type functions: functions that write formatted output into a C string without taking the size of the destination buffer, so nothing stops the output from running past the end of it.

Vulnerability and risk

Most of these prohibited functions were banned because they can lead to buffer overruns.

As well as functions like strcpy and strcat, the banned list includes many of the corresponding 'n' functions, like strncpy and strncat. Although the 'n' functions are often recommended as replacements for their non-'n' counterparts, they are now considered unsafe as well: strncpy leaves the destination without a null terminator when the source fills the buffer, and neither function returns an error to tell the caller that the output was truncated.

Mitigation and prevention

Prohibiting the use of these banned APIs is a good way to remove a significant number of code vulnerabilities. The banned functions should be replaced with more secure versions, or the code should be re-designed to avoid the banned function entirely.

To avoid security issues, it is recommended that you use equivalent safe functions for each category of function when the safe equivalents exist for your compiler. In some cases, there are no replacement functions, so re-architecture of your code is advised.

For Microsoft compiler users, consider using functions from the StrSafe library in place of the sprintf functions: StringCchPrintf, StringCchVPrintf, StringCchPrintfEx, StringCchVPrintfEx, StringCbPrintf, StringCbVPrintf, StringCbPrintfEx, or StringCbVPrintfEx, depending on whether you want to specify the destination size as a character count (Cch) or a byte count (Cb).

For gcc users, consider the checked variants from libssp (the stack-smashing protector runtime), such as __sprintf_chk and __snprintf_chk. You do not call these directly: building with -D_FORTIFY_SOURCE=2 at -O1 or higher makes the compiler substitute them for sprintf and snprintf calls whose destination size it can determine, and the program aborts instead of overflowing the buffer.

Another option is the Safe CRT functions, such as sprintf_s, _snprintf_s, _snwprintf_s, _vstprintf_s or _vsntprintf_s.

As well as using safe replacement functions, it's important to check that the destination buffer is the appropriate size and to check the function's return value for truncation. Another option is to use the std::string template class rather than manipulating buffers directly.
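The following is an added example (not code from the Klocwork documentation) showing the kind of call this checker reports next to a portable, bounded replacement. It uses C99 vsnprintf rather than the StrSafe or Safe CRT functions so that it builds on any C99 compiler; the function names, the record format and the input strings are this example's own assumptions, not part of any real API.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* 'Before': the pattern SV.BANNED.REQUIRED.SPRINTF reports. sprintf has no
 * idea how large dst is, so a name longer than the buffer overruns it.
 * Kept here only for comparison; never call it with untrusted input. */
static void format_record_unsafe(char *dst, const char *name, int id)
{
    sprintf(dst, "user=%s id=%d", name, id);
}

/* 'After': a bounded, truncation-aware wrapper around C99 vsnprintf.
 * Returns 0 when the whole output fit, -1 when it was truncated or the
 * call failed. dst is always NUL-terminated on return if dst_size > 0. */
static int format_bounded(char *dst, size_t dst_size, const char *fmt, ...)
{
    va_list ap;
    int needed;

    if (dst == NULL || dst_size == 0)
        return -1;

    va_start(ap, fmt);
    needed = vsnprintf(dst, dst_size, fmt, ap);
    va_end(ap);

    /* C99: the return value is the length the complete output would have
     * had (excluding the terminator); a negative value is an encoding
     * error. Windows _snprintf instead returns -1 on truncation and may
     * leave dst unterminated, which is why it is on the banned list. */
    if (needed < 0) {
        dst[0] = '\0';
        return -1;
    }
    if ((size_t)needed >= dst_size)
        return -1;   /* truncated; the caller decides whether that is fatal */
    return 0;
}

/* Hypothetical record formatter built on the bounded wrapper. */
static int format_record(char *dst, size_t dst_size, const char *name, int id)
{
    return format_bounded(dst, dst_size, "user=%s id=%d", name, id);
}

int main(void)
{
    char buf[32];
    char big[64];
    char long_name[61];              /* constructed input: 60 'A's, longer than buf */

    memset(long_name, 'A', 60);
    long_name[60] = '\0';

    format_record_unsafe(big, "bob", 1);    /* fits only because big is large enough */
    printf("unsafe (happens to fit): %s\n", big);

    if (format_record(buf, sizeof buf, "alice", 42) == 0)
        printf("ok: %s\n", buf);

    if (format_record(buf, sizeof buf, long_name, 7) != 0)
        printf("truncated; buffer still terminated, %zu chars kept\n", strlen(buf));

    return 0;
}
```

The point of the wrapper is the return-value check: snprintf alone stops the overflow, but silently truncated output (a path, a command line, a log record) is its own class of bug, so the caller must be told. On MSVC the equivalent is sprintf_s, which calls the invalid-parameter handler rather than truncating, or _snprintf_s with _TRUNCATE, which truncates and returns -1.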