Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

Secrets
ABAP
Apex
AzureResourceManager
C
C++
CloudFormation
COBOL
C#
CSS
Docker
Flex
Go
HTML
Java
JavaScript
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Scala
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML

C static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C code

Filtered: 34 rules found

symbolic-execution

Impact

Clean code attribute

POSIX functions should not be called with arguments that trigger buffer overflows
Vulnerability
XML parsers should not be vulnerable to XXE attacks
Vulnerability
The address of an automatic object should not be assigned to another object that may persist after the first object has ceased to exist
Bug
Variables should not be accessed outside of their scope
Bug
"pthread_mutex_t" should be unlocked in the reverse order they were locked
Bug
"pthread_mutex_t" should be properly initialized and destroyed
Bug
"pthread_mutex_t" should not be locked when already locked, or unlocked when already unlocked
Bug
Stack allocated memory and non-owned memory should not be freed
Bug
Closed resources should not be accessed
Bug
Dynamically allocated memory should be released
Bug
Freed memory should not be used
Bug
Memory locations should not be released more than once
Bug
Memory access should be explicitly bounded to prevent buffer overflows
Bug
Resources should be closed
Bug
Server hostnames should be verified during SSL/TLS connections
Vulnerability
Server certificates should be verified during SSL/TLS connections
Vulnerability
Weak SSL/TLS protocols should not be used
Vulnerability
Parameter values should be appropriate
Bug
Zero should not be a possible denominator
Bug
Changing directories improperly when using "chroot" is security-sensitive
Security Hotspot
Using publicly writable directories is security-sensitive
Security Hotspot
Using clear-text protocols is security-sensitive
Security Hotspot
Only valid arguments should be passed to UNIX/POSIX functions
Code Smell
Only valid arguments should be passed to stream functions
Code Smell
Blocking functions should not be called inside critical sections
Code Smell
Return value of "setuid" family of functions should always be checked
Code Smell
Size of variable length arrays should be greater than zero
Code Smell
"mktemp" family of functions templates should have at least six trailing "X"s
Code Smell
Account validity should be verified when authenticating users with PAM
Vulnerability
Variables should be initialized before use
Bug
Null pointers should not be dereferenced
Bug
Appropriate size arguments should be passed to "strncat" and "strlcpy"
Code Smell
Unused assignments should be removed
Code Smell
"nonnull" pointers should not be set to null
Bug

Account validity should be verified when authenticating users with PAM

consistency - conventional

security

Vulnerability

MajorSonarSource default severity
click to learn more

cwe
symbolic-execution

Pluggable authentication module (PAM) is a mechanism used on many UNIX variants to provide a unified way to authenticate users, independently of the underlying authentication scheme.

Why is this an issue?

When authenticating users, if the validity of the account is not checked (not locked, not expired …), it may lead to unauthorized access to resources.

How to fix it

Code examples

Noncompliant code example

int valid(pam_handle_t *pamh) {
    if (pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK) != PAM_SUCCESS) { // Noncompliant
        return -1;
    }

    return 0;
}

Compliant solution

int valid(pam_handle_t *pamh) {
    if (pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK) != PAM_SUCCESS) {
        return -1;
    }
    if (pam_acct_mgmt(pamh, 0) != PAM_SUCCESS) {
        return -1;
    }

    return 0;
}

How does this work?

The account validity is checked with pam_acct_mgmt when authenticating a user with pam_authenticate.

Resources

Documentation

The Open Group - pam_acct_mgmt

Articles & blog posts

Packt hub - Development with Pluggable Authentication Modules (PAM)

Standards

OWASP - Top 10 2021 Category A7 - Identification and Authentication Failures
OWASP - Top 10 2017 Category A5 - Broken Access Control
CWE - CWE-304 - Missing Critical Step in Authentication

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Developer
Edition

© 2008-2023 SonarSource S.A., Switzerland. All content is copyright protected. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, and SONARCLOUD are trademarks of SonarSource S.A. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.
Privacy Policy | Cookie Policy

In-IDE

SaaS

Self-Hosted