Main Content

CWE Rule 198

Use of Incorrect Byte Ordering

Since R2024a

expand all in page

Description

Rule Description

The product receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used.

Polyspace Implementation

The rule checker checks for Missing byte reordering when transferring data.

Examples

expand all

Issue

This issue occurs when you do not use a byte ordering function:

  • Before sending data to a network socket.

  • After receiving data from a network socket.

Risk

Some system architectures implement little endian byte ordering (least significant byte first), and other systems implement big endian (most significant byte first). If the endianness of the sent data does not match the endianness of the receiving system, the value returned when reading the data is incorrect.

Fix

After receiving data from a socket, use a byte ordering function such as ntohl(). Before sending data to a socket, use a byte ordering function such as htonl().

Example — Data Transferred Without Byte Reordering
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <byteswap.h>
#include <unistd.h>
#include <string.h>


unsigned int func(int sock, int server)
{
    unsigned int num;   /* assume int is 32-bits */
    if (server)
    {
        /* Server side */
        num = 0x17;
		/* Endianness of server host may not match endianness of network. */
        if (send(sock, (void *)&num, sizeof(num), 0) < (int)sizeof(num))  //Noncompliant
        {
            /* Handle error */
        }
        return 0;
    }
    else {
        /* Endianness of client host may not match endianness of network. */
        if (recv (sock, (void *)&num, sizeof(num), 0) < (int) sizeof(num))  
        {
            /* Handle error */
        }
		
		/* Comparison may be inaccurate */
        if (num> 255)   //Noncompliant
        {
            return 255;
        }
        else
        {
            return num;
        }
    }
}

In this example, variable num is assigned hexadecimal value 0x17 and is sent over a network to the client from the server. If the server host is little endian and the network is big endian, num is transferred as 0x17000000. The client then reads an incorrect value for num and compares it to a local numeric value.

Correction — Use Byte Ordering Function

Before sending num from the server host, use htonl() to convert from host to network byte ordering. Similarly, before reading num on the client host, use ntohl() to convert from network to host byte ordering.

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <byteswap.h>
#include <unistd.h>
#include <string.h>

unsigned int func(int sock, int server)
{
    unsigned int num;   /* assume int is 32-bits */
    if (server)
    {
        /* Server side */
        num = 0x17;
		
		/* Convert to network byte order. */
        num = htonl(num); 
        if (send(sock, (void *)&num, sizeof(num), 0) < (int)sizeof(num)) 
        {
            /* Handle error */
        }
        return 0;
    }
    else {
        if (recv (sock, (void *)&num, sizeof(num), 0) < (int) sizeof(num)) 
        {
            /* Handle error */
        }
		
		/* Convert to host byte order. */
        num = ntohl(num); 
        if (num > 255) 
        {
            return 255;
        }
        else
        {
            return num;
        }
    }
}

Check Information

Category: Others

Version History

Introduced in R2024a

See Also

Topics

External Websites