CERT C: Rec. WIN04-C

Consider encrypting function pointers

Since R2026a

expand all in page

Description

Consider encrypting function pointers¹

Polyspace Implementation

The rule checker checks for the issue Non-encrypted function pointer assignment.

Examples

expand all

Non-encrypted function pointer assignment

Issue

This issue occurs if a function pointer is directly assigned to a variable, passed to a function, or returned from a function.

Risk

Storing the address of a function in stack using a function pointer introduces a vulnerability in the code. If an attacker accesses the memory location in the address, they can replace the function with arbitrary code that executes later when you attempt to invoke the function using the function pointer.

Fix

Encode the function pointer at runtime using techniques such as the EncodePointer() function. This function obfuscates the original function pointer in a way that can only be removed by the DecodePointer() function running in the same process as the EncodePointer() call.

Example — Direct Assignment of Function Address

In this example, the address of the printf() function is assigned directly to a function pointer.

#include <stdio.h>

void invokePrintFunction()
{
  int (*display) (const char *, ...) = printf; //Noncompliant
  /* ... */
  display("func");
}

Correction â€“ Encrypt Function Pointer

Use the function EncodePoiner() to encrypt the function pointer at runtime in a way that can be decrypted only with a DecodePointer() invocation in the same process.


          
          #include <stdio.h>
#include <Windows.h>

void invokePrintFunction()
{
  void *display_pointer = EncodePointer(printf);
  int (*display) (const char *, ...) = (int (*)(const char *, ...))DecodePointer(display_pointer); //Compliant
  /* ... */
  display("func");
}

Check Information

Group: Rec. 51. Microsoft Windows (WIN)

PQL Name: std.cert.WIN04_C

Version History

Introduced in R2026a

¹ This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.