C and C++ Binaries

BADFUNC.BO.OEMTOCHAR : Use of {OemToAnsi,OemToChar}

Summary

A use of OemToAnsi(), OemToAnsiA(), OemToAnsiW(), OemToChar(), OemToCharA(), or OemToCharW(), which are vulnerable to buffer overflows.

Properties

Multiple warning classes share this mnemonic.

Checks for all these warning classes are disabled by default. To enable them all at once, add the following WARNING_FILTER rule to the project configuration file.

WARNING_FILTER += allow categories:BADFUNC.BO.OEMTOCHAR
Class Name Use of OemToAnsi
Significance security
Mnemonic BADFUNC.BO.OEMTOCHAR
Categories
AUTOSARC++14 AUTOSARC++14:A5-2-5 An array or container shall not be accessed beyond its range.
CWE CWE:120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  CWE:676 Use of Potentially Dangerous Function
CERT-C CERT-C:STR07-C Use the bounds-checking interfaces for string manipulation
CERT-CPP CERT-CPP:CTR52-CPP Guarantee that library functions do not overflow
DISA-6r1 DISA-6r1:V-222612 The application must not be vulnerable to overflow attacks.
DISA-5r3 DISA-5r3:V-70277 The application must not be vulnerable to overflow attacks.
DISA-4r3 DISA-4r3:V-70277 The application must not be vulnerable to overflow attacks.
DISA-3r10 DISA-3r10:V-6165 The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
BSI BSI:OemToChar  
OWASP-2017 OWASP-2017:A9 Using components with known vulnerabilities
OWASP-2021 OWASP-2021:A6 Vulnerable and outdated components
Availability Available for C and C++.
Enabling Checks for this warning class are disabled by default. To enable them, add the following WARNING_FILTER rule to the project configuration file. 
WARNING_FILTER += allow class="Use of OemToAnsi"
To enable all BSI-related classes, including all BSI-specific BADFUNC classes, use the bsi configuration preset.
Class Name Use of OemToChar
Significance security
Mnemonic BADFUNC.BO.OEMTOCHAR
Categories
AUTOSARC++14 AUTOSARC++14:A5-2-5 An array or container shall not be accessed beyond its range.
CWE CWE:120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  CWE:676 Use of Potentially Dangerous Function
CERT-C CERT-C:STR07-C Use the bounds-checking interfaces for string manipulation
CERT-CPP CERT-CPP:CTR52-CPP Guarantee that library functions do not overflow
DISA-6r1 DISA-6r1:V-222612 The application must not be vulnerable to overflow attacks.
DISA-5r3 DISA-5r3:V-70277 The application must not be vulnerable to overflow attacks.
DISA-4r3 DISA-4r3:V-70277 The application must not be vulnerable to overflow attacks.
DISA-3r10 DISA-3r10:V-6165 The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
BSI BSI:OemToChar  
OWASP-2017 OWASP-2017:A9 Using components with known vulnerabilities
OWASP-2021 OWASP-2021:A6 Vulnerable and outdated components
Availability Available for C and C++.
Enabling Checks for this warning class are disabled by default. To enable them, add the following WARNING_FILTER rule to the project configuration file. 
WARNING_FILTER += allow class="Use of OemToChar"
To enable all BSI-related classes, including all BSI-specific BADFUNC classes, use the bsi configuration preset.

Warning Classes

Warning Class Triggering Functions
Use of OemToAnsi OemToAnsi(), OemToAnsiA(), OemToAnsiW()
Use of OemToChar OemToChar(), OemToCharA(), OemToCharW()

Resolution

Use OemToCharBuff() instead.

Relevant Configuration File Parameters

This class is implemented using a BAD_FUNCTION_* rule set in the general template configuration file.

The following configuration file parameters affect checks for this warning class.