Insecure Use Of Chroot High

Your code uses the chroot function insecurely, which risks security vulnerabilities. Call chdir so that the working directory is inside the new root, check the return values of both chdir and chroot, and ensure secure directory paths and permissions to prevent unauthorized access. Review and enhance the code for safer chroot usage.

Detector ID
c/insecure-use-of-chroot@v1.0
Category
Common Weakness Enumeration (CWE)
Tags
-

Noncompliant example

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>

void insecureUseofChrootNoncompliant(){

    const char* root_dir = "/jail/";
    // Noncompliant: No chdir before or after chroot, and missing check of return value
    chroot(root_dir);
}

Compliant example

#include <stdio.h>
#include <stdlib.h>   // exit
#include <unistd.h>   // chdir, chroot

void insecureUseofChrootCompliant(){

    const char* root_dir = "/jail/";

    // Move the working directory into the jail before changing the root
    if(chdir(root_dir) == -1) {
      exit(-1);
    }
    // Compliant: the current dir is changed to the jail and the results of both functions are checked
    if(chroot(root_dir) == -1) {
      exit(-1);
    }

}
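
The following is an added example, not part of the detector's own documentation. It goes one step beyond the compliant example by also dropping root privileges after the chroot, since a process that stays root is not confined by the jail. The helper enter_jail, its status codes and the uid/gid 65534 are hypothetical names and values chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical status codes: each one names the step that failed. */
enum jail_status { JAIL_OK, JAIL_ERR_ARGS, JAIL_ERR_CHDIR, JAIL_ERR_CHROOT,
                   JAIL_ERR_CHDIR_ROOT, JAIL_ERR_DROP_PRIVS };

/* enter_jail() is a hypothetical helper, not a library function. */
enum jail_status enter_jail(const char *root_dir, uid_t uid, gid_t gid)
{
    /* Refuse root as the target identity before changing any state. */
    if (root_dir == NULL || uid == 0 || gid == 0)
        return JAIL_ERR_ARGS;
    /* Enter the jail directory first so no outside cwd survives the chroot. */
    if (chdir(root_dir) == -1)
        return JAIL_ERR_CHDIR;
    if (chroot(root_dir) == -1)
        return JAIL_ERR_CHROOT;
    /* Re-anchor the working directory at the new root. */
    if (chdir("/") == -1)
        return JAIL_ERR_CHDIR_ROOT;
    /* Drop supplementary groups, then gid, then uid; the order matters. */
    if (setgroups(0, NULL) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
        return JAIL_ERR_DROP_PRIVS;
    /* Confirm the drop is permanent: regaining uid 0 must fail. */
    if (setuid(0) == 0)
        return JAIL_ERR_DROP_PRIVS;
    return JAIL_OK;
}

int main(void)
{
    /* "/jail/" is the path used on this page; 65534 is an assumed unprivileged id. */
    enum jail_status st = enter_jail("/jail/", 65534, 65534);
    if (st != JAIL_OK) {
        fprintf(stderr, "enter_jail failed at step %d\n", (int)st);
        return 1;
    }
    puts("running inside the jail without root privileges");
    return 0;
}
```

A caller should treat any status other than JAIL_OK as fatal and exit, because the process may be left partly confined or still privileged.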