CERT C: Rule POS39-C

Use the correct byte ordering when transferring data between systems

expand all in page

Description

Rule Definition

Use the correct byte ordering when transferring data between systems.¹

Polyspace Implementation

The rule checker checks for Missing byte reordering when transferring data.

Examples

expand all

Missing byte reordering when transferring data

Issue

Missing byte reordering when transferring data occurs when you do not use a byte ordering function:

Before sending data to a network socket.
After receiving data from a network socket.

Risk

Some system architectures implement little endian byte ordering (least significant byte first), and other systems implement big endian (most significant byte first). If the endianness of the sent data does not match the endianness of the receiving system, the value returned when reading the data is incorrect.

Fix

After receiving data from a socket, use a byte ordering function such as ntohl(). Before sending data to a socket, use a byte ordering function such as htonl().

Example - Data Transferred Without Byte Reordering

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <byteswap.h>
#include <unistd.h>
#include <string.h>


unsigned int func(int sock, int server)
{
    unsigned int num;   /* assume int is 32-bits */
    if (server)
    {
        /* Server side */
        num = 0x17;
		/* Endianness of server host may not match endianness of network. */
        if (send(sock, (void *)&num, sizeof(num), 0) < (int)sizeof(num))  //Noncompliant
        {
            /* Handle error */
        }
        return 0;
    }
    else {
        /* Endianness of client host may not match endianness of network. */
        if (recv (sock, (void *)&num, sizeof(num), 0) < (int) sizeof(num))  
        {
            /* Handle error */
        }
		
		/* Comparison may be inaccurate */
        if (num> 255)   //Noncompliant
        {
            return 255;
        }
        else
        {
            return num;
        }
    }
}

In this example, variable num is assigned hexadecimal value 0x17 and is sent over a network to the client from the server. If the server host is little endian and the network is big endian, num is transferred as 0x17000000. The client then reads an incorrect value for num and compares it to a local numeric value.

Correction — Use Byte Ordering Function

Before sending num from the server host, use htonl() to convert from host to network byte ordering. Similarly, before reading num on the client host, use ntohl() to convert from network to host byte ordering.

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <byteswap.h>
#include <unistd.h>
#include <string.h>

unsigned int func(int sock, int server)
{
    unsigned int num;   /* assume int is 32-bits */
    if (server)
    {
        /* Server side */
        num = 0x17;
		
		/* Convert to network byte order. */
        num = htonl(num); 
        if (send(sock, (void *)&num, sizeof(num), 0) < (int)sizeof(num)) 
        {
            /* Handle error */
        }
        return 0;
    }
    else {
        if (recv (sock, (void *)&num, sizeof(num), 0) < (int) sizeof(num)) 
        {
            /* Handle error */
        }
		
		/* Convert to host byte order. */
        num = ntohl(num); 
        if (num > 255) 
        {
            return 255;
        }
        else
        {
            return num;
        }
    }
}

Check Information

Group: Rule 50. POSIX (POS)

Version History

Introduced in R2019a

¹ This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.